Large Language Models for Security Operations Centers: A Comprehensive Survey
Capture
- arXiv: 2509.10858
- DOI: https://doi.org/10.48550/arXiv.2509.10858
- Submitted: 2025-09-13; revised: 2025-09-19
- Source URL: https://arxiv.org/abs/2509.10858
Abstract Summary
This survey covers the integration of large language models (LLMs) into security operations center (SOC) workflows. It frames SOC pain points such as alert volume, resource constraints, delayed response, and threat-intelligence difficulty, then surveys LLM use for log analysis, alert triage, threat detection, and analyst knowledge support.
Why It Matters For The Wiki
This can serve as a baseline map for AI SOC literature and help classify the more recent agentic and benchmark papers.
Recommended Ingest Notes
- Use as taxonomy/background source, not as primary evidence for a specific benchmark result.
- Link to AI Security Operations glossary terms and research gaps.