SAGA: Synthetic Audit Log Generation for APT Campaigns
info · research · Peer-Reviewed
research · security
Source: IEEE Xplore (Security & AI Journals) · December 5, 2025
Summary
SAGA is a tool that creates synthetic audit logs (detailed records of system activities) containing hidden Advanced Persistent Threats (APTs, which are long-term targeted cyberattacks) to help train and test detection systems. The tool mixes normal system activity logs with malicious activity based on known attack patterns from the MITRE ATT&CK framework (a database of real-world attack techniques), and researchers showed that machine learning models trained on these synthetic logs can identify new, previously unseen attack techniques.
Classification
Attack Sophistication: Moderate
Impact (CIA+S): integrity
AI Component Targeted: Training Data
Original source: http://ieeexplore.ieee.org/document/11281529
First tracked: May 9, 2026 at 02:01 AM
Classified by LLM (prompt v3) · confidence: 75%