LLM-based Assistant for L-x Security Operation Center (SOC) Analyst

Overview

There is a notable increase in cyberattacks, targeting vital digital services like energy, water, oil plants, communication and transportation infrastructure, etc. The lack of right cybersecurity and resilience solutions can transform the blessing of the digital transformation into a curse, thus leaving significant societal threats and economic damage. Security Operation Centers (SOC) are therefore becoming a necessary part of every digital and critical infrastructure with the main roles of defining cybersecurity policies, processes, and implementing detection and response mechanisms and tools. 

Existing SOC tools like SIEM/SOAR/XDR are mainly good at the detection part, whereas human analysts are still required to investigate and respond on each potential vulnerability or threat event. Analysis can have different levels of responsibilities, e.g., L1 works on triage and escalates first checked vulnerability alerts to L2 for further investigation. With the advent of LLM, we envision a great opportunity to build an analyst assistant GPT tool that can infer additional insights and partial auto investigations from the data and environment. The expectation is to make the analyst’s investigation faster and easier and thus thwart any threat asap. This project explores the feasibility and capabilities of using LLMs for detection and for different analysts' assistant levels.