AI Security Research Portal
Type: source (seed), captured 2026-07-04. Tags: ai-security, ai-for-security, ai-soc, security-incident-analysis, rag, mitre-attack, log-analysis

Retrieval-Augmented LLMs for Security Incident Analysis

Capture

Abstract Summary

The paper presents a RAG-based system for cybersecurity incident analysis. Rather than feeding raw telemetry to the model, it combines targeted query-based filtering, a library of queries associated with MITRE ATT&CK techniques, and LLM semantic reasoning to reconstruct malware and Active Directory attack scenarios while staying within the model's context limits.
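As an added illustration of the retrieval step described above (example code written for this page, not the paper's own implementation): a hypothetical ATT&CK-keyed query library filters constructed log lines, and the tagged hits are packed into a context that must fit a fixed budget. The technique ids, regex predicates, log lines and the character-based budget are all assumptions made for the example.

```python
import re

# Constructed telemetry standing in for endpoint and AD logs (not real data).
SAMPLE_LOGS = [
    "2026-07-04T10:01:02 host=ws01 proc=powershell.exe cmd='-w hidden -enc AAAA' parent=winword.exe",
    "2026-07-04T10:01:05 host=ws01 proc=chrome.exe cmd='--profile-directory=Default'",
    "2026-07-04T10:02:10 host=dc01 event=4769 svc=MSSQLSvc/db01 enc=0x17 user=jdoe",
    "2026-07-04T10:02:11 host=dc01 event=4769 svc=krbtgt enc=0x12 user=jdoe",
    "2026-07-04T10:03:00 host=ws01 proc=rundll32.exe cmd='comsvcs.dll MiniDump 612' parent=cmd.exe",
]

# Hypothetical ATT&CK-keyed query library (illustrative, not the paper's):
# technique id -> (name, regex predicates over a log line).
QUERY_LIBRARY = {
    "T1059.001": ("PowerShell", [r"proc=powershell\.exe.*-enc"]),
    "T1558.003": ("Kerberoasting", [r"event=4769.*enc=0x17"]),
    "T1003.001": ("LSASS Memory", [r"comsvcs\.dll MiniDump"]),
}

def retrieve(logs, techniques, library=QUERY_LIBRARY):
    """Targeted query-based filtering: return (technique, name, line) for each
    log line matching one of the requested techniques' predicates."""
    hits = []
    for tid in techniques:
        name, patterns = library[tid]
        for line in logs:
            if any(re.search(p, line) for p in patterns):
                hits.append((tid, name, line))
    return hits

def build_context(hits, budget_chars):
    """Pack tagged hits into an LLM context no longer than budget_chars.
    Returns (context_text, number_of_hits_dropped); a real system would
    count tokens and rank hits rather than dropping them in arrival order."""
    out, used, dropped = [], 0, 0
    for tid, name, line in hits:
        entry = f"[{tid} {name}] {line}"
        if used + len(entry) + 1 > budget_chars:
            dropped += 1
            continue
        out.append(entry)
        used += len(entry) + 1
    return "\n".join(out), dropped
```

The unrelated browser line and the AES-encrypted TGS request never reach the model, which is the point of filtering before reasoning.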

Why It Matters For The Wiki

This source is important for evaluating whether an AI SOC should rely on generic chat context or on structured retrieval over telemetry. It is also useful for comparing RAG-style SOC evidence collection against agentic investigation and provenance contracts.

Recommended Ingest Notes