Generative AI Enabled Actionable Decision Support in Cyber Security Operations for Enterprise Security


Research area: Safety



Conference: 2024 ITU Kaleidoscope: Innovation and Digital Transformation for a Sustainable World (ITU K)


Abstract

In the evolving cyber threat landscape, enterprises employ multiple security solutions such as Endpoint Detection and Response (EDR), Security Information and Event Management (SIEM), and Security Orchestration, Automation, and Response (SOAR). Security analysts are inundated with millions of security event logs from these tools, which makes it increasingly complex to manage and analyze this volume of data effectively. Further, there is a shortage of dedicated and skilled personnel who can understand and analyze such security events. This paper proposes a novel approach based on generative AI, using the state-of-the-art Mistral-7B language model to generate clear and actionable security response messages from these event logs. We demonstrate that this cutting-edge language model can translate complex logs into human-understandable security insights, which can enhance analysts' ability to prioritize and respond to threats.


Authors

Basu Saurabh (Centre for Development of Telematics India, India)
Singh Utkrisht (Centre for Development of Telematics India, India)
Sharma Sandeep (Centre for Development of Telematics India, India)

📄 Paper information

Publication year: 2024
Citations: 319
Country of publication: India
Site: IEEE