Lightning Talk: Enhance Investigations Using LLM, Embeddings, and Clustering

Video: https://www.youtube.com/watch?v=fWcgWO-IWuA
Published: 2024-10-04 (SANS Institute YouTube channel)
Generative AI and Large Language Models (LLMs) have become increasingly popular over the last couple of years. Attackers are already using this technology to gain an advantage, so defenders should too. This session examines a method that uses an LLM, an embedding model, and a machine-learning clustering algorithm in concert to overcome some common limitations of GenAI when it is applied to the larger datasets of forensic data typical of DFIR investigations. The technique is a handy triage tool for certain types of data points, such as command-line executions. It will first be demonstrated in a Jupyter Notebook to show the technical details of how and why it works; then an open-source tool that runs against native Windows Event Logs and automates the method will be released and demonstrated, allowing you to partake in the fun!
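The pipeline the abstract describes (embed each command line, cluster the embeddings, hand the LLM one representative per cluster instead of every record) is shown below as an added example; it is not the speaker's notebook or the released tool. To run offline it substitutes a hashed character-trigram vector for a real embedding model, which is a deliberate simplification; the sample command lines, the 0.6 similarity threshold, and all function names are constructed for this illustration.

```python
import math
import zlib

# Constructed sample of command-line executions of the kind found in Windows
# process-creation events. All values are made up for illustration.
SAMPLE_COMMAND_LINES = [
    r"C:\Windows\System32\svchost.exe -k netsvcs -p",
    r"C:\Windows\System32\svchost.exe -k LocalService -p",
    r"C:\Windows\System32\svchost.exe -k NetworkService -p",
    r'"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE" /n "C:\Users\alice\Documents\report.docx"',
    r'"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE" /n "C:\Users\bob\Documents\invoice.docx"',
    r"powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand QQBCAEMA",
    r"cmd.exe /c whoami /all",
]

DIM = 1024  # hashed feature space; larger means fewer spurious collisions


def embed(text, dim=DIM):
    """Stand-in embedding (hypothetical, not the talk's model): hashed
    character trigrams, L2-normalised so cosine similarity is a dot product."""
    vec = [0.0] * dim
    t = text.lower()
    for i in range(len(t) - 2):
        vec[zlib.crc32(t[i:i + 3].encode("utf-8")) % dim] += 1.0
    norm = math.sqrt(sum(v * v for v in vec)) or 1.0
    return [v / norm for v in vec]


def cosine(a, b):
    """Dot product of two unit vectors, i.e. cosine similarity."""
    return sum(x * y for x, y in zip(a, b))


def cluster(items, threshold=0.6):
    """Greedy leader clustering: each item joins the first cluster whose
    leader is at least `threshold` similar, otherwise it starts a new cluster.
    Returns a list of clusters, each a list of indices into `items`."""
    clusters = []  # (leader_vector, member_indices)
    for idx, item in enumerate(items):
        v = embed(item)
        for leader, members in clusters:
            if cosine(leader, v) >= threshold:
                members.append(idx)
                break
        else:
            clusters.append((v, [idx]))
    return [members for _, members in clusters]


def triage(items, threshold=0.6):
    """Order clusters rarest-first: singletons are the outliers an analyst
    should look at first, large clusters are routine behaviour reviewed once."""
    groups = sorted(cluster(items, threshold), key=len)
    return [
        {"size": len(g), "representative": items[g[0]],
         "members": [items[i] for i in g]}
        for g in groups
    ]


def build_prompt(triaged):
    """One representative per cluster goes to the LLM instead of every line,
    which is what keeps the request inside the model's context window."""
    lines = ["Classify each command line below as expected or worth investigating, "
             "one verdict per line. The count is how many similar lines it stands for."]
    for c in triaged:
        lines.append(f"[{c['size']} similar] {c['representative']}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(build_prompt(triage(SAMPLE_COMMAND_LINES)))
```

On the sample above the seven lines collapse to four clusters (three svchost variants, two WINWORD launches, and two singletons), so the prompt carries four representatives rather than seven records, and the singletons are listed first because rare behaviour is what deserves an analyst's attention. With a real embedding model the threshold would need re-tuning, since neural embeddings place semantically similar lines closer together than a trigram hash does.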

SANS AI in Cybersecurity Summit 2024
Lightning Talk
Enhance Investigations Using LLM, Embeddings, and Clustering
Speaker: Matthew Seyer, Director, KPMG, LLP

View upcoming Summits: http://www.sans.org/u/DuS



