ÆCID - Automatic Event Correlation for Incident Detection

What is it?

Every day organizations are exposed to cyber attacks. Information security teams do their best, but it is very difficult to monitor the current situation, pinpoint leading indicators, respond to issues, and stay informed about latest attack vectors, methods and threats – and it is overwhelming to do all of this at the same time. ÆCID warns about deviations of the system network behavior reflected in the system’s log files and helps to discover emerging threats with its patented data mining solution.
Go to Self-learning


ÆCID uses a patented solution to build up system behavior models to understand relevant events and their relations. No human effort for manual definition of rules is necessary

Go to Applicable to legacy systems

Applicable to legacy systems

Effective applicability to legacy systems and systems with low market share – through self-learned model instead of manually defined parsers

Go to Event Correlation across systems

Event Correlation across systems

Correlation of events across systems, protocols and layers – ÆCID understands events of varying abstraction levels and can use multiple mining instances for increased scalability

Go to Connectivity to SIEMS

Connectivity to SIEMS

ÆCID does not replace an existing security solution – but runs in parallel and can be connected to SIEM solutions

ÆCID was developed in course of numerous national and international research projects and has reached a maturity level which makes it ready to be deployed in productive environments.

ÆCID Security Offerings

Continuously discover anomalies caused by advanced attacks and get informed about emerging issues in real time.

ÆCID is built on AIT’s patented solution for adaptive network log stream processing, which is inspired by approaches from the domain of bio informatics. This approach enables ÆCID to detect, classify and cluster frequently occurring patterns in log files and eventually distinguish the known good from unknown malicious activities specifically in your custom IT infrastructure – self-learning with minimal manual configuration effort.
ÆCID relies on a central log store and verbose logging activated. It operates on top of raw logs and alerts and reports findings seamlessly and directly to your existing SIEM solution via syslog connectors for further investigations. ÆCID is designed to complement your existing security solutions in place.

  • Support to establish a log management concept

  • Module to discover anomalies in log data streams

  • Suite for automatic configuration, optimization and orchestration of distributed logdata analysis

  • On-Site support for AMiner set-ups and ÆCID through AIT experts


Find us on Github


This is our team working on ÆCID

Florian Skopik

Project Manager

Petra Kölndorfer

Admin Specialist

Markus Wurzenberger

Model Engineering

Max Landauer

Algorithm Design

Manuel Kern

Attack Analytics

Wolfgang Hotwagner


Benjamin Akhras

CI/CD and Testing

Georg Höld

Algorithm Design – ÆCID Alumnus

Giuseppe Settanni

Data Analyst – ÆCID Alumnus

Roman Fiedler

System Architect – ÆCID Alumnus