Page 143 - Cyber Defense eMagazine August 2024
Correlating logs and identifying patterns.
Callable functions, one per schema of the micro structured logs, each carrying a description of what it can find (in MITRE ATT&CK TTP parlance, each function can be thought of as a procedure finder).
Understanding threats and executing precise queries to detect emerging threats
An LLM agent that comprehends a described threat, queries the various stores through their specific schemas, and identifies emerging threats.
The above approach not only makes detection engineering possible without a SIEM or SOAR, but also lets security engineers focus on actually developing code that detects new and emerging procedures, rather than on learning to work with a SIEM and writing SOAR playbooks.
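The following is an added, self-contained illustration of the layout described above (registered procedure finders over schema-specific log stores, plus an agent that plans calls and correlates the hits); it is example code written for this page, not code from the article or any product. The log events are constructed, the tool-manifest shape loosely follows the JSON function descriptions that LLM function-calling APIs consume (an assumption about the interface, not a specific vendor's format), and the planner is a keyword stand-in for the LLM so the example runs offline. Function names, technique mappings and thresholds are illustrative choices.

```python
import json
import re

# Constructed sample logs (not real data); one micro structured store per schema.
AUTH_LOGS = [
    {"ts": 1, "user": "alice", "src_ip": "10.0.0.5", "result": "fail"},
    {"ts": 2, "user": "alice", "src_ip": "10.0.0.5", "result": "fail"},
    {"ts": 3, "user": "alice", "src_ip": "10.0.0.5", "result": "fail"},
    {"ts": 4, "user": "alice", "src_ip": "10.0.0.5", "result": "success"},
    {"ts": 5, "user": "bob", "src_ip": "10.0.0.9", "result": "fail"},
    {"ts": 6, "user": "bob", "src_ip": "10.0.0.9", "result": "success"},
]
PROC_LOGS = [
    {"ts": 7, "host": "ws1", "user": "alice", "image": "powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -enc SQBFAFgA"},
    {"ts": 8, "host": "ws2", "user": "bob", "image": "notepad.exe",
     "cmdline": "notepad.exe report.txt"},
]

# Tool registry: name -> callable plus the description the agent reads.
TOOLS = {}


def procedure_finder(name, technique, description, parameters):
    """Register a callable as a procedure finder the agent may invoke (hypothetical helper)."""
    def wrap(fn):
        TOOLS[name] = {"fn": fn, "technique": technique,
                       "description": description, "parameters": parameters}
        return fn
    return wrap


@procedure_finder(
    "find_brute_force_success", "T1110",
    "Accounts with at least `threshold` consecutive failed logons from one source IP "
    "immediately followed by a successful logon from the same IP.",
    {"threshold": {"type": "integer", "description": "minimum failures before success"}})
def find_brute_force_success(threshold=3):
    streak = {}  # (user, src_ip) -> consecutive failures seen so far
    hits = []
    for ev in sorted(AUTH_LOGS, key=lambda e: e["ts"]):
        key = (ev["user"], ev["src_ip"])
        if ev["result"] == "fail":
            streak[key] = streak.get(key, 0) + 1
            continue
        if streak.get(key, 0) >= threshold:
            hits.append({"user": ev["user"], "src_ip": ev["src_ip"],
                         "failures": streak[key], "ts": ev["ts"]})
        streak[key] = 0  # a success resets the streak for that pair
    return hits


@procedure_finder(
    "find_encoded_powershell", "T1059.001",
    "Process events where powershell.exe was launched with an encoded command.",
    {})
def find_encoded_powershell():
    # Matches the -enc / -EncodedCommand switch; other abbreviations are out of scope here.
    pat = re.compile(r"\s-enc(odedcommand)?\b", re.IGNORECASE)
    return [ev for ev in PROC_LOGS
            if ev["image"].lower() == "powershell.exe" and pat.search(ev["cmdline"])]


def tool_manifest():
    """JSON list of finder descriptions, the material an LLM planner would be given."""
    return json.dumps([{"name": n, "technique": t["technique"],
                        "description": t["description"], "parameters": t["parameters"]}
                       for n, t in TOOLS.items()], indent=2)


def plan(threat_description):
    """Keyword stand-in for the LLM: choose which finders to call and with what arguments."""
    text = threat_description.lower()
    calls = []
    if "brute" in text or "password" in text or "logon" in text:
        calls.append(("find_brute_force_success", {"threshold": 3}))
    if "powershell" in text or "encoded" in text:
        calls.append(("find_encoded_powershell", {}))
    return calls


def run_agent(threat_description):
    """Run each planned finder against its store, then correlate the hits on `user`."""
    results = {name: TOOLS[name]["fn"](**args) for name, args in plan(threat_description)}
    user_sets = [{hit["user"] for hit in hits} for hits in results.values()]
    correlated = sorted(set.intersection(*user_sets)) if user_sets else []
    return {"calls": results, "correlated_users": correlated}


if __name__ == "__main__":
    print(tool_manifest())
    print(json.dumps(run_agent("brute force logon followed by encoded PowerShell"), indent=2))
```

The correlation step is deliberately strict (a user must surface in every finder the planner chose), which is the behaviour you want when the described threat is a chain of procedures; a real agent would read the manifest, pick the finders and arguments itself, and treat each finder's output as typed evidence rather than free text.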
Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide.