Automating Threat Advisory Report Generation Using Threat Intelligence


Research field: Safety



Conference: 2023 International Conference on Innovative Computing, Intelligent Communication and Smart Electrical Systems (ICSES)


Abstract

A security operations center (SOC) is a necessary component of any organization. SOC analysts are the first to encounter threats to an organization. SOC environments are responsible for security incidents and event management (SIEM); therefore, SOC teams are tasked with monitoring incidents, threat hunting, and incident response for networks and systems. Threat advisory reports are manually written by SOC analysts using the threat intelligence gathered from various threat databases and RSS feeds. This process takes time because reports must be tailored to the organization’s specific requirements, and many organizations hire other organizations that provide SOC operations as a service. Therefore, the report generation process takes more time. In the current world, every second matters regarding information security because an incident can escalate too quickly. This research aims to develop a solution that can generate threat advisory reports automatically in a productive, timesaving, cost-efficient, and accurate manner. The researchers propose to implement a dashboard system where the organization can specify its requirements, and based on those requirements, the solution will generate tailor-made threat advisory reports for the organization. This solution will allow the SOC teams to analyze and respond to threats rather than spend time hunting for them.


Authors

Kavinga Abeywardena
Department of Computer Systems Engineering, Sri Lanka Institute of Information Technology, Malabe, Sri Lanka

Arachchi T A D L P T
Department of Computer Systems Engineering, Sri Lanka Institute of Information Technology, Malabe, Sri Lanka

Nanayakkara C Y S
Department of Computer Systems Engineering, Sri Lanka Institute of Information Technology, Malabe, Sri Lanka

Paper information

Publication year: 2023
Citations: 1
Country of publication: Sri Lanka
Site: IEEE
