{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreib6rbbabimg6hbrxpol33ks722taryaziq7ff2ctcfe32bbxn43ae",
    "uri": "at://did:plc:pgryn3ephfd2xgft23qokfzt/app.bsky.feed.post/3mmqwql3gbfy2"
  },
  "path": "/t/secbert-to-detect-anomalous-log-entries/176237#post_1",
  "publishedAt": "2026-05-26T10:39:02.000Z",
  "site": "https://discuss.huggingface.co",
  "textContent": "Hi,\n\nI am using the secbert model to build a SIEM application that detects normal and anomalous log entries. I trained the secbert model using CSIC (web) log entries. During inferencing i am finding that the model is detecting even normal entries as anomalous entries.\n\nTo keep the training time reasonable to start with i am using 2000 rows (log entries) to train the model. I am using a set of 4 diagnostic log entries for inferencing - 2 normal and 2 anomalous. the model is detecting all the 4 log entries as anomalous. while looking at the raw logits for the 4 entries, there seems to be a small difference in the raw logits, the risk scores are around the same value.\n\nHow to go about determing what is happenning ? Has anyone used secbert for a similar purpose ?\n\nThanks,\n\nVijay",
  "title": "Secbert to detect anomalous log entries"
}