LOGTITAN leverages automated behavioral profiling to detect anomalies and autonomously define rules on the data, in order to discover security events that require investigation. In LOGTITAN, behavior analysis and profiling rely on statistical modeling and data science to identify patterns of behavior and compare them against other human or machine activities. The Profiler is a feature extraction mechanism that generates a profile describing the behavior of an entity. An entity can be any message field, such as the protocol used in a communication, as well as a server, user, subnet or application. Once a profile has been generated that defines what normal behavior looks like, models can be built to identify anomalous behavior.
In LOGTITAN, the Profiler enhances SIEM correlation rules through baselining. This is achieved by summarizing the streaming telemetry data consumed by LOGTITAN over sliding windows. In effect, profiling compresses time: a summary statistic is applied to the data received within a given window, and collecting this summary across many windows yields a time series that is useful for analysis.
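The windowing and baselining idea described above, as an added Java example; it is not LOGTITAN code and does not use the LOGTITAN API. All class, method and field names are hypothetical, the events are constructed, and the choices of consecutive fixed-length windows, an event count as the summary statistic and a z-score threshold are assumptions made for illustration.

```java
import java.util.*;

// Added illustration; not LOGTITAN code. All names here are hypothetical.
public class WindowProfileExample {
    record Event(long epochSec, String user) {}

    // Summarize a stream into one event count per window for a single entity.
    static long[] profile(List<Event> events, String user, long start, long windowSec, int windows) {
        long[] series = new long[windows];
        for (Event e : events) {
            long idx = (e.epochSec() - start) / windowSec;
            if (e.user().equals(user) && e.epochSec() >= start && idx < windows) series[(int) idx]++;
        }
        return series;
    }

    // Flag windows whose count deviates from the baseline of the preceding `history` windows.
    static List<Integer> anomalies(long[] series, int history, double threshold) {
        List<Integer> flagged = new ArrayList<>();
        for (int i = history; i < series.length; i++) {
            double mean = 0, var = 0;
            for (int j = i - history; j < i; j++) mean += series[j];
            mean /= history;
            for (int j = i - history; j < i; j++) var += Math.pow(series[j] - mean, 2);
            double std = Math.sqrt(var / history);
            // Floor the deviation so a nearly flat baseline does not inflate the score.
            double z = (series[i] - mean) / Math.max(std, 1.0);
            if (Math.abs(z) > threshold) flagged.add(i);
        }
        return flagged;
    }

    public static void main(String[] args) {
        // Constructed sample: "alice" produces 4-6 events per 5-minute window, then 40.
        int[] perWindow = {5, 4, 6, 5, 5, 4, 6, 40};
        List<Event> events = new ArrayList<>();
        for (int w = 0; w < perWindow.length; w++)
            for (int k = 0; k < perWindow[w]; k++)
                events.add(new Event(w * 300L + k, "alice"));
        events.add(new Event(10, "bob")); // other entities do not affect alice's profile

        long[] series = profile(events, "alice", 0, 300, perWindow.length);
        System.out.println("series    = " + Arrays.toString(series));
        System.out.println("anomalous = " + anomalies(series, 6, 3.0));
    }
}
```

The baseline here is recomputed from the six windows preceding each point, so it slides forward with the data and a gradual change in normal activity is absorbed rather than flagged.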
Events and Trends
Any field contained within a message can be used to generate a profile. A profile can even be produced by combining fields that originate in different data sources. By leveraging the LOGTITAN correlation engine, a user has considerable power to transform the data used in a profile. Profiles are defined in the LOGTITAN Rule as a Code platform, which is powered by Java, and the Profiler in the correlation engine is configured using Java.
A profile definition requires a Java method definition. The specification contains the following elements.