
Enhance Effectiveness and Efficiency of Threat Intel Analysts using Generative AI

Abstract

Category: Data Enrichment and Threat Intelligence

Cyware Products Used:

  • Orchestrate

  • Collaborate

Third-Party Integrations Used:

  • OpenAI: Generative AI to create concise threat intelligence reports.

Problem Statement

Threat intelligence analysts continuously gather and analyze information about existing and emerging threats that pose a risk to the organization’s security. This allows security teams to identify, prioritize, and respond to potentially disruptive incidents and to work toward prevention and mitigation. However, analysts face challenges in handling large amounts of data, separating real threats from noise, and turning what they read into useful insights for security teams.

Solution

Threat intel analysts need a solution that automatically extracts the useful information from a threat intelligence article, blog post, or write-up and condenses it into a concise report that highlights the key points and insights. This lets analysts quickly surface the important details of a piece of threat intel, such as indicators, relationships, severity, and remediation strategies, in a single report.

Cyware uses the OpenAI connector app to parse the information on a web page and automatically convert it into a threat intelligence report, which is then shared with members as a Collaborate alert.

How do we solve this problem?

The solution is to use a comprehensive Orchestrate playbook to automate the process. The playbook performs the following tasks:

  1. Receive URL Input: The playbook starts when it receives from the analyst the URL of the article to summarize. For example, let us assume that you want to generate a summary report for this blog.

  2. Perform Analysis: The playbook now downloads the contents of the web page and prepares a summary report using OpenAI’s generative AI model.

  3. Send a Notification: Once the report is generated, the playbook notifies the analyst by email that the report is ready and includes a sample of the report. The sample report for the example blog is shown in the screenshot below.

    [Screenshot: sample summary report generated from the example blog]
  4. Send a Collaborate Alert: The playbook also onboards the report summary as a Collaborate alert. The alert is kept in draft status so that analysts can manually add a category and recipients. The draft stage is also where the analyst should check the generated indicators and severity against the source before publishing, since a generative model can misstate or omit details.
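The four steps above as one end-to-end example in Python. This is added here and is not Cyware's or OpenAI's code: the text extraction, the report and alert field names, the constructed sample page, and the offline stand-in for the model are all assumptions. It goes one step beyond the page by adding the check a practitioner would want before a generated summary reaches an alert: every indicator the model returns is verified against the page text, so an invented indicator is flagged instead of shared, and indicators the model skipped are listed as well. The real OpenAI call is shown with the article kept in the user message, separate from the instructions, because fetched page content is untrusted input.

```python
"""Mirror of the playbook steps: page -> text -> model summary -> verified
report -> e-mail body and draft alert. Assumed (not from the page): regex-based
text extraction, an injected summarize() callable with an offline stand-in, and
our own report/alert field names (not Cyware's or OpenAI's)."""
import html
import json
import re
from typing import Callable

# Constructed sample page standing in for a downloaded blog post.
SAMPLE_HTML = """<html><head><title>Phishing wave abuses lookalike domain</title>
<script>var tracker = 1;</script></head><body>
<h1>Phishing wave abuses lookalike domain</h1>
<p>Since Monday, operators have sent fake invoices from billing@example-pay.test
linking to hxxp://example-pay[.]test/login. The page fetches a loader from
203.0.113.45 with SHA-256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855.</p>
<p>Block the domain at the proxy and reset credentials of anyone who submitted the form.</p>
</body></html>"""

def page_text(html_doc: str) -> str:
    """Step 2a: reduce the downloaded page to the text the model should see."""
    stripped = re.sub(r"(?is)<(script|style)\b.*?</\1\s*>", " ", html_doc)
    return " ".join(html.unescape(re.sub(r"<[^>]+>", " ", stripped)).split())

# IPv4, SHA-256, MD5, URL and e-mail; refang() first so defanged forms match.
_IOC = re.compile(r"(?i)\b(?:\d{1,3}(?:\.\d{1,3}){3}|[a-f0-9]{64}|[a-f0-9]{32}"
                  r"|https?://[^\s\"'<>]+|[\w.-]+@[\w-]+(?:\.[\w-]+)+)\b")

def refang(value: str) -> str:
    return value.replace("[.]", ".").replace("hxxp", "http")

def indicators_in(text: str) -> set:
    return {m.group(0) for m in _IOC.finditer(refang(text))}

SYSTEM_PROMPT = ("You are a threat intelligence analyst. Summarise the article as "
                 "JSON with keys title, summary, indicators (list), severity "
                 "(low|medium|high|critical), remediation (list). List only "
                 "indicators that appear verbatim in the article.")

def openai_summarize(text: str, model: str = "gpt-4o-mini") -> str:
    """Real call (assumes the OpenAI Python SDK >= 1.0 and OPENAI_API_KEY set).
    The article goes in the user message, separate from the instructions,
    because fetched page content is untrusted input. Not exercised offline."""
    from openai import OpenAI  # lazy import so the rest runs without the SDK
    resp = OpenAI().chat.completions.create(
        model=model, response_format={"type": "json_object"},
        messages=[{"role": "system", "content": SYSTEM_PROMPT},
                  {"role": "user", "content": text}])
    return resp.choices[0].message.content

def stand_in_summarize(text: str) -> str:
    """Constructed offline stand-in for the model. It reports one indicator that
    is not in the article so the verification below has something to catch."""
    return json.dumps({
        "title": "Phishing wave abuses lookalike domain",
        "summary": "Invoice-themed phishing from a lookalike domain delivers a loader.",
        "indicators": ["billing@example-pay.test", "hxxp://example-pay[.]test/login",
                       "203.0.113.45", "198.51.100.7"],
        "severity": "high",
        "remediation": ["Block the domain at the proxy", "Reset affected credentials"]})

def build_report(page: str, summarize: Callable[[str], str]) -> dict:
    """Step 2b: model output with every claimed indicator checked against the page."""
    text = page_text(page)
    report = json.loads(summarize(text))
    claimed = {refang(i) for i in report.get("indicators", [])}
    found = indicators_in(text)
    report["indicators"] = sorted(claimed & found)
    report["unverified_indicators"] = sorted(claimed - found)  # model said, page did not
    report["missed_indicators"] = sorted(found - claimed)      # page had, model skipped
    return report

def notification_body(url: str, report: dict) -> str:
    """Step 3: plain-text e-mail body carrying the sample report."""
    lines = [f"Report generated for {url}", f"Title: {report['title']}",
             f"Severity: {report['severity']}", f"Summary: {report['summary']}",
             "Indicators: " + (", ".join(report["indicators"]) or "none")]
    if report["unverified_indicators"]:
        lines.append("NOT FOUND IN SOURCE (review before sharing): "
                     + ", ".join(report["unverified_indicators"]))
    lines.append("Remediation: " + "; ".join(report["remediation"]))
    return "\n".join(lines)

def draft_alert(url: str, report: dict) -> dict:
    """Step 4: draft payload; category and recipients are left for the analyst.
    Field names are illustrative, not Collaborate's API."""
    return {"status": "draft", "category": None, "recipients": [], "source": url,
            "title": report["title"], "body": notification_body(url, report)}

if __name__ == "__main__":
    rep = build_report(SAMPLE_HTML, stand_in_summarize)
    print(notification_body("https://blog.example/post", rep))
    print(json.dumps(draft_alert("https://blog.example/post", rep), indent=2))
```

Running it offline with the stand-in shows the point of the verification step: the fabricated 198.51.100.7 ends up under "NOT FOUND IN SOURCE" in the notification rather than in the indicator list, and the SHA-256 the stand-in skipped is reported as missed. Passing openai_summarize instead of stand_in_summarize runs the same pipeline against the real model; the JSON response format and the page-level check stay the same, so the draft alert the analyst reviews always carries only indicators that are literally present in the source.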

Benefits

Reduce Manual Effort

The solution automatically generates a summarized threat intelligence report from an imported web page. This removes most of the manual effort analysts spend writing summary reports, leaving them only the review of the draft, and lets them put the saved time into investigating critical threats more effectively.

Actionable Threat Intelligence

By generating a concise threat intelligence report, analysts can effortlessly extract actionable insights from vast amounts of data and either share the report with security teams or retain it for future reference.