Augmenting IT Security Alerts with RAG

A common problem faced by IT security teams is the high volume of daily security alerts, coupled with the varying levels of experience and institutional knowledge among security operations staff.

This project attempts to address this issue by applying machine learning and retrieval augmented generation (RAG) techniques to provide additional context for these events. The tool takes incoming alerts together with contextual data on how similar alerts were handled in the past, and returns that historical context to the security operations team. Analyses such as the frequency of similar security events and the comments analysts left on them are presented to assist with triaging and escalating events.
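The retrieval step described above, as an added illustration that is not the project's own code: given a new alert, it finds similar historical alerts and returns their count and the analysts' prior comments. It assumes a bag-of-words cosine similarity standing in for an embedding model (so it runs offline) and a small constructed alert history; the function and field names are hypothetical.

```python
"""Retrieval side of alert augmentation: find similar past alerts and
surface their frequency and closure comments to the analyst."""
import math
import re
from collections import Counter

# Constructed sample history: past alerts and the comment recorded when each was closed.
HISTORY = [
    {"id": 1, "text": "Multiple failed logins for user jdoe from 10.0.0.5",
     "comment": "Service account password rotation; benign"},
    {"id": 2, "text": "Failed logins for user jdoe from 10.0.0.5 exceeded threshold",
     "comment": "Same rotation issue; closed"},
    {"id": 3, "text": "Outbound connection to rare domain from workstation WS-17",
     "comment": "Escalated: confirmed malware beacon"},
    {"id": 4, "text": "Failed logins for user asmith from 192.168.1.9",
     "comment": "User mistyped password after vacation"},
]

# Function words dropped so that shared filler does not inflate similarity.
STOPWORDS = {"for", "from", "to", "the", "a", "of"}

def tokenize(text):
    """Lowercase tokens, keeping dots and dashes so IPs and hostnames stay whole."""
    return [t for t in re.findall(r"[a-z0-9.-]+", text.lower()) if t not in STOPWORDS]

def cosine(a, b):
    """Cosine similarity of two token-count vectors; 0.0 when either is empty."""
    dot = sum(a[t] * b[t] for t in a)
    na = math.sqrt(sum(v * v for v in a.values()))
    nb = math.sqrt(sum(v * v for v in b.values()))
    return dot / (na * nb) if na and nb else 0.0

def augment_alert(alert_text, history=HISTORY, threshold=0.7, top_k=3):
    """Return how many past alerts resemble this one and what analysts said about them.
    `threshold` is a constructed cut-off; a real deployment would tune it per alert type."""
    query = Counter(tokenize(alert_text))
    scored = [(cosine(query, Counter(tokenize(h["text"]))), h) for h in history]
    similar = sorted([(s, h) for s, h in scored if s >= threshold],
                     key=lambda p: p[0], reverse=True)
    return {
        "alert": alert_text,
        "similar_count": len(similar),
        "prior_comments": [(h["id"], round(s, 2), h["comment"]) for s, h in similar[:top_k]],
    }

if __name__ == "__main__":
    print(augment_alert("Failed logins for user jdoe from 10.0.0.5"))
```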