🤖 AI Summary
A new synthetic security log dataset has been released, comprising over 8 million logs that simulate a 23-day Advanced Persistent Threat (APT) campaign. Created by a cybersecurity ML engineer, this dataset addresses the challenge of limited access to realistic, labeled security data, which is crucial for training and testing detection systems. It features detailed logs from 500 users across 10 departments and includes realistic patterns of benign and attack actions, alongside service account activities typical of enterprise environments. This innovative dataset aims to bridge the gap faced by security teams, which often rely on outdated or overly simplified scenarios that do not reflect the complexities of real-world breaches.
The dataset underscores the practical realities of enterprise security by embedding attack signals within substantial benign activity, achieving a realistic signal-to-noise ratio of 0.007%. The attack, executed using commonplace tools and techniques, highlights the difficulty in discerning between legitimate and malicious behaviors in vast quantities of logs. With labeled attack data and comprehensive defense responses, it provides a valuable resource for training detection algorithms, validating incident responses, and enhancing the skills of security analysts in navigating the nuances of actual APT behaviors—a critical step towards reducing detection gaps in enterprise cybersecurity.