Okta logs are used today to detect cybersecurity events with various rule-based models that have restricted look-back periods. These approaches have limitations: a limited retrospective window, a predefined rule set, and a tendency to generate false positives. To address this, we adopt unsupervised techniques, specifically autoencoders. To use an autoencoder properly, we need to transform the log data we receive from our users and reduce its complexity. This transformed and filtered data is then fed into the autoencoder, and the output is evaluated.
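As an added example (not code from the paper or from Okta), the pipeline the abstract describes in miniature: constructed System Log records are flattened into one-hot and cyclic features, a small numpy autoencoder is fitted to the normal events only, and every event is then scored by its reconstruction error. The field paths follow the Okta System Log layout; the events themselves, the placeholder country code "ZZ", and the network size and training settings are assumptions.

```python
import math
import numpy as np

def event(etype, result, hour, country, os_name):
    """Constructed record in the Okta System Log field layout (not real data)."""
    return {"eventType": etype, "outcome": {"result": result},
            "published": f"2024-03-04T{hour:02d}:12:00.000Z",
            "client": {"geographicalContext": {"country": country},
                       "userAgent": {"os": os_name}}}

NORMAL = [event("user.session.start", "SUCCESS", h, c, o) for h, c, o in
          [(9, "US", "Mac OS X"), (10, "US", "Windows"), (11, "DE", "Windows"),
           (13, "US", "Mac OS X"), (14, "DE", "Mac OS X"), (16, "US", "Windows")]]
NORMAL += [event("user.authentication.sso", "SUCCESS", h, "US", "Mac OS X") for h in (9, 15)]
# Failed login at 03:00 from a country and OS absent from training ("ZZ" is a placeholder).
ANOMALY = event("user.session.start", "FAILURE", 3, "ZZ", "Linux")
CATEGORICAL = [("eventType",), ("outcome", "result"),
               ("client", "geographicalContext", "country"), ("client", "userAgent", "os")]

def get(ev, path):
    for key in path:
        ev = ev.get(key, {}) if isinstance(ev, dict) else {}
    return ev if isinstance(ev, str) else ""

def build_vocab(events):
    """One sorted value list per categorical field, learned from training events only."""
    return [sorted({get(ev, p) for ev in events}) for p in CATEGORICAL]

def featurize(ev, vocab):
    """One-hot each categorical field (unseen values become all zeros); hour on the unit circle."""
    cols = []
    for path, values in zip(CATEGORICAL, vocab):
        cols += [1.0 if get(ev, path) == v else 0.0 for v in values]
    angle = 2 * math.pi * int(ev["published"][11:13]) / 24
    return cols + [math.sin(angle), math.cos(angle)]

def train_autoencoder(X, hidden=4, epochs=5000, lr=0.1, seed=0):
    """Sigmoid bottleneck, linear decoder, full-batch gradient descent on squared error."""
    X = np.asarray(X, dtype=float); n, d = X.shape; rng = np.random.default_rng(seed)
    W1, b1 = rng.normal(0, 0.1, (d, hidden)), np.zeros(hidden)
    W2, b2 = rng.normal(0, 0.1, (hidden, d)), np.zeros(d)
    for _ in range(epochs):
        H = 1 / (1 + np.exp(-(X @ W1 + b1)))
        dR = 2 * (H @ W2 + b2 - X) / n      # d(loss)/d(reconstruction)
        dZ = (dR @ W2.T) * H * (1 - H)      # back through the sigmoid
        W2 -= lr * H.T @ dR; b2 -= lr * dR.sum(0)
        W1 -= lr * X.T @ dZ; b1 -= lr * dZ.sum(0)
    return W1, b1, W2, b2

def reconstruction_error(model, x):
    """Per-event anomaly score: mean squared error of the reconstruction."""
    W1, b1, W2, b2 = model; x = np.asarray(x, dtype=float)
    h = 1 / (1 + np.exp(-(x @ W1 + b1)))
    return float(np.mean((h @ W2 + b2 - x) ** 2))
```

Events whose score sits far above the training baseline (here the failed 03:00 login from an unseen country and OS) are the candidates for analyst review.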