The ML Log Monitoring solution quickly found two groups of IPs for evaluation.
The first set was pretty obviously malicious from the query parameters alone, and could probably have been handled by better tuning of the WAF on CloudFront.
The second find was better. The data scientist originally thought that this second group might be a false positive. Deeper analysis of the IP addresses found a few gems, including a few WhiteHat scanning companies.
With this new data, Metal Toad could block problem IP addresses and ensure that DC Entertainment could stay secure for another Comic Con.