Use machine learning (ML) models in Cortex XSOAR to analyze
and predict future behavior. Machine learning for phishing incidents.
Machine learning models enable Cortex
XSOAR to analyze and predict behavior through incident types and
fields. The model uses past incidents that have already been classified
to classify incoming events automatically.
Machine learning models are used mainly for phishing incidents.
You can train it to automatically recognize, for example, phishing
emails, emails that are legitimate, and those that contain spam.
Machine learning models enable you to do the following:
Use as part of a scoring/severity set.
To close incidents automatically more accurately than manually defining
Handle only incidents that the classifier marks as malicious.
You train models by inputting data through incident types and
fields. Cortex XSOAR returns all the incidents containing the specified
field. You can then map these field values into different verdicts.
The verdicts determine what the model predicts, so you should make
the verdict definitions meaningful.
By default, Cortex XSOAR trains models from input data contained
in an Email body, Email HTML, and Email subject. You can change
the name of the fields containing the subject and body. Cortex XSOAR
then trains a model and returns the accuracy of the model against