Timeline
| Week | Description of Task | Status |
|---|---|---|
| W1 | Decide on project and submit initial proposal | Completed |
| W1 | Investigate feasibility of retrieving Microsoft Teams messages as initial dataset |
Completed |
| W1 | Write initial script to collect dataset of all security alerts from Teams. (Source code here) |
Completed |
| W1 / W2 | Perform initial research on ML, LLM, and agentic RAG and construct initial library of resources |
Completed |
| W2 | Collect dataset of all security alerts from Teams | Completed |
| W2 | Collect dataset of all internal wiki pages | Completed |
| W2 | Write initial script to collect dataset of all pages and policies from the organization's public security site. (Source code here) |
Completed |
| W2 | Collect dataset of all security web pages, incluing policies | Completed |
| W3 | Research proper data formats for training AI models | In Progress |
| W3 | Build a local LLM test environment for deploying new models | Completed |
| W3 | Research existing LLM models as a potential base model | Completed |
| W4 | Build formal outline of the project, specific data sets in use, and testing methodology for verification |
Completed |
| W4 | Construct a set of scripts to convert raw datasets to proper format for ingestion |
Completed |
| W4 | Convert datasets to proper format for ingestion | Completed |
| W5 | Construct a formal technical architecture diagram for the project |
Completed |
| W5 | Test potential LLMs for usability and accuracy of responses | In Progress |
| W5 | Test LLMs against existing alerts and synthetic alerts to establish a baseline of results |
In Progress |
| W5 | Begin training LLM with alert data based on prior research | Completed |
| W6 | Continue to train and tune LLM with existing security data | In Progress |
| W6 | Build API for interacting with the model | Not Started |
| W7 | Build Teams webhook pipeline for auto-populating data | Not Started |
| W7 | Build mechanism for security operations team to provide feedback on responses |
Not Started |
| W7 | Test model with synthetic alerts to assess responses | Not Started |
| W8 | Implement “production” Teams alert pipeline | Not Started |
| W8 | Collect responses from Security Operations team members | Not Started |
| W8 | Develop plan for evaluating Security Operations responses | Not Started |
| W9 | Measure responses from Security Operations team to evaluate accuracy | Not Started |
| W9 | Build statistics for final results | Not Started |
| W9 | Use results to further train model | Not Started |
| W9 | Identify further areas of improvement to the solution based on responses | Not Started |
| W9 | Explore solution limitations, future work, etc. | Not Started |
| W10 | Write Final Project Report | Not Started |
| W11 | Write Final Project Report | Not Started |