DarkLight PROs can also support activity-based intelligence (ABI) tradecraft to reveal hidden data that can only be inferred from what is known, and to discover the unknown unknowns in the cyber ecosystem. This type of ABI tradecraft reasoning focuses on transactions, behaviors, and activities rather than signatures or mathematical algorithms. Unlike a black box machine learning approach, the logic is exposed, defendable, and can be used for instruction and knowledge transfer.
DarkLight’s PROs capture the human analytic tradecraft knowledge needed to support automated, evidence-based sense-making and decision-making in the cyber ecosystem. PROs are easy to create by human analysts and can be shared with other DarkLight users both internal and external to the organization. Capturing human analytic tradecraft in PROs also protects the organization from “brain drain” should the analyst leave and enables the “crowdsourcing” of tradecraft expertise from the wider community of trust. These PROs are portable and powerful, and they can be created, shared and evolved by internal teams and the cybersecurity community.