Скачать или смотреть Finding Relevant Alerts, Events and Logs

Finding Relevant Alerts, Events and Logs

🎙️ Ezz Tahoun, Lead researcher, University of Waterloo
📍 Presented at SANS DFIR Summit 2025

In modern cybersecurity, the ability to connect isolated security alerts into coherent, actionable attack chains is essential. However, traditional detection methods often struggle to contextualize vast amounts of security data, leaving slow and stealthy attacks undetected within a sea of noise and false positives.

This talk introduces a novel approach using open-source AI models to map, cluster, and correlate security alerts in order to uncover coordinated attacks. Through clustering, knowledge graphs, and AI-driven correlation, this approach offers significant improvements in SOC (Security Operations Center) efficiency and effectiveness. We detail the methodology, open source tools, and results of this approach across diverse environments, including cloud, telecom, and industrial control systems.

View upcoming Summits: https://www.sans.org/u/DuS