Security professionals have to deal with an ever larger volume of daily cyber threat intel that could contain crucial information for managing the next cyber outbreak. This volume is increasing faster than it can be managed by simply scaling up in terms of personnel, so a more effective approach is needed. Because of the diversity of the information and of the formats in which it is made available by various cyber security partners around the world, manually writing parser scripts is an endless race against changing threat intel formats.
Large Language Models offer a novel approach to this problem because of their flexibility in parsing information and inferring the right connections when given enough background information. TNO has created a proof of concept in cooperation with NCSC-NL that is able to ingest large and diverse amounts of cyber threat intel and provide a human-friendly chat interface for querying specific incidents and evolving trends in the changing cyber landscape.