Toward Autonomous SOC Operations
Capture
- arXiv: 2604.27321
- DOI: https://doi.org/10.48550/arXiv.2604.27321
- Submitted: 2026-04-30
- Source URL: https://arxiv.org/abs/2604.27321
Abstract Summary
The paper proposes an end-to-end LLM framework for SOC workflows that combines ensemble-based threat detection, syntax-constrained query generation, and retrieval-augmented resolution support. It targets SIEM query generation for IBM QRadar and Google SecOps and claims large reductions in incident triage time.
Why It Matters For The Wiki
This source is relevant to autonomous SOC pipelines and query-generation guardrails. It bears on whether LLM-driven SOC systems should be decomposed into constrained detection, query, retrieval, and resolution modules rather than built as free-form agents.
Recommended Ingest Notes
- Extract claims on syntax-constrained query generation, metadata-grounded retrieval, resolution accuracy, and triage-time reduction.
- Compare with AgentSOC, SIABENCH, and RAG security incident analysis sources.