anyone can help me? I had a model about intrusion detection system using machine learning, and I used dataset kdd99cup, Now I want to get data from raw logs from SIEM or switch core, how can i get data from raw logs to put into training model? thanks a lot.
I saw that in logs file of SIEM, there are only some features similar to features in Dataset kdd99cup, I have no idea how to get more date from logs.
