Publication:
Intelligent SOC Chatbot for Security Operation Center

dc.contributor.author: Perera, V. H
dc.contributor.author: Senarathne, A. N
dc.contributor.author: Rupasinghe, L
dc.date.accessioned: 2022-03-22T06:55:03Z
dc.date.available: 2022-03-22T06:55:03Z
dc.date.issued: 2019-12-05
dc.description.abstract: Information security analysts currently face many challenges, both hidden and visible, in the face of unique attack records. The rapid increase in security monitoring and investigation tools (an average of 20 security solutions are used per company) leads to frequent switching between screens, alert fatigue, disjointed record keeping, and increased investigation time. This chatbot can suggest the flow of investigation and the relevant commands that help to obtain the results needed to resolve the incident. Automating incident ticket creation is one of the major achievements of this research. Security analysts also receive messages about security alerts for AWS-hosted instances. Security analysts also continue to work on their subtasks and are too overloaded with their main tasks to engage in collaborative investigations and knowledge sharing. Chat-Ops helps to overcome and meet those challenges. Processes, automated workflows, the chatbot, security tools, and humans exist in the same chat window, feeding data and commands in a worthy cycle. This will lead to huge changes in everything from remediation times and investigation depth to future learning and knowledge administration. Different analysts will drive the investigation in different ways. Most of the time, analysts will miss the most important parts and techniques, but those parts could be very valuable for the result. The investigation flow and commands will be suggested based on past investigations and the commands that previous analysts used. This chatbot will help current analysts who work in a security operation center in many ways. (en_US)
dc.identifier.citation: V. H. Perera, A. N. Senarathne and L. Rupasinghe, "Intelligent SOC Chatbot for Security Operation Center," 2019 International Conference on Advancements in Computing (ICAC), 2019, pp. 340-345, doi: 10.1109/ICAC49085.2019.9103388. (en_US)
dc.identifier.doi: 10.1109/ICAC49085.2019.9103388 (en_US)
dc.identifier.isbn: 978-1-7281-4170-1
dc.identifier.uri: https://rda.sliit.lk/handle/123456789/1742
dc.language.iso: en (en_US)
dc.publisher: IEEE (en_US)
dc.relation.ispartofseries: 2019 International Conference on Advancements in Computing (ICAC);Pages 340-345
dc.subject: Intelligent SOC (en_US)
dc.subject: SOC Chatbot (en_US)
dc.subject: Security Operation (en_US)
dc.subject: Operation Center (en_US)
dc.title: Intelligent SOC Chatbot for Security Operation Center (en_US)
dc.type: Article (en_US)
dspace.entity.type: Publication

Files

Original bundle

Name: Intelligent_SOC_Chatbot_for_Security_Operation_Center.pdf
Size: 410.02 KB
Format: Adobe Portable Document Format