Presentation Material
Abstract
With the rising volume of cyber threats, traditional CTI workflows often struggle to map threats efficiently. This session explores how local large language models (LLMs) can automate critical CTI processes: extracting intelligence in real time, visualizing it by the industries that APTs target, and plotting a timeline graph of threat activity for known malware strains.
Using Python-based automation and local LLMs, attendees will learn how to:
- Query and Process Reports: Automatically download, normalize, and chunk data from publicly available sources.
- Map Threats to MITRE: Extract TTPs, IOCs, and other insights, map them to MITRE ATT&CK, and identify gaps in existing SOC/MDR detections.
- Attribute Threats: Use sandbox APIs and threat intelligence services to classify malware families and identify threat actors.
- Visualize Data: Transform extracted intelligence into knowledge graphs or operational dashboards to aid SOC decision-making.
- Automate Workflows: Implement periodic updates and scalable pipelines to ensure continuous threat intelligence processing.
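The steps above form one pipeline: ingest and chunk a report, pull out TTPs and IOCs, map them to ATT&CK, compare against what the SOC already detects, and lay the activity out on a timeline. The following Python is an added illustration of that pipeline and is not code from the talk or its author. It implements the deterministic parts (normalization, chunking, regex extraction, ATT&CK lookup, detection-gap diff, timeline) so it runs offline; the local-LLM step that would summarize each chunk or extract TTPs from free text is the point where the chunks produced here would be handed to the model. The report text, the SOC detection set, and the ATT&CK subset are constructed assumptions; the technique IDs and names in the lookup are real ATT&CK entries, the hash and hostnames are made up.

```python
import re

# Constructed sample report (hypothetical incident; hash and hostnames are fabricated).
SAMPLE_REPORT = """
2024-03-02: Initial access via spearphishing attachment (T1566.001) delivering a macro document.
2024-03-03: The macro launched powershell.exe (T1059.001) and beaconed to update.example[.]com over HTTPS (T1071.001).
2024-03-09: Operators deployed LockSample ransomware, encrypting file shares (T1486).
Indicators: 203.0.113.45, update.example[.]com,
sha256 3a7bd3e2360a3d29eea436fcfb7e44c735d117c42d1c1835420b6b9942dd4f1b
"""

# Small ATT&CK subset (real technique IDs/names); a full deployment would load the STIX bundle.
ATTACK = {
    "T1566": "Phishing", "T1566.001": "Spearphishing Attachment",
    "T1059": "Command and Scripting Interpreter", "T1059.001": "PowerShell",
    "T1071": "Application Layer Protocol", "T1071.001": "Web Protocols",
    "T1486": "Data Encrypted for Impact",
}
# Assumed SOC/MDR detection coverage: a parent technique covers its sub-techniques.
SOC_DETECTIONS = {"T1566.001", "T1059"}

TTP_RE = re.compile(r"\bT\d{4}(?:\.\d{3})?\b")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)
SHA256_RE = re.compile(r"\b[a-f0-9]{64}\b", re.I)
DATE_LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}):\s*(.*)$")
FILE_EXTS = {"exe", "dll", "doc", "docx", "ps1", "txt"}  # filenames that look like domains


def normalize(text: str) -> str:
    """Collapse whitespace so chunking and regexes see one clean stream."""
    return re.sub(r"\s+", " ", text).strip()


def chunk(text: str, size: int = 40, overlap: int = 8) -> list[str]:
    """Word-window chunks with overlap, sized for a local model's context."""
    words = text.split()
    if not words:
        return []
    step = size - overlap
    return [" ".join(words[i:i + size]) for i in range(0, max(len(words) - overlap, 1), step)]


def refang(text: str) -> str:
    """Undo common defanging so indicators match as written in the report."""
    return text.replace("[.]", ".").replace("hxxp", "http")


def extract_iocs(text: str) -> dict[str, list[str]]:
    text = refang(text)
    ips = set(IPV4_RE.findall(text))
    domains = {d for d in DOMAIN_RE.findall(text)
               if d.rsplit(".", 1)[1].lower() not in FILE_EXTS}
    return {"ips": sorted(ips), "domains": sorted(domains),
            "sha256": sorted(h.lower() for h in SHA256_RE.findall(text))}


def extract_ttps(text: str) -> list[str]:
    return sorted(set(TTP_RE.findall(text)))


def map_to_attack(ttps: list[str]) -> dict[str, str]:
    """Resolve each ID to its ATT&CK name; unknown IDs are flagged for analyst review."""
    return {t: ATTACK.get(t, "UNKNOWN - verify ID") for t in ttps}


def coverage_gaps(observed: list[str], detections: set[str]) -> list[str]:
    """Observed techniques with neither a direct nor a parent-level detection."""
    def covered(t: str) -> bool:
        return t in detections or t.split(".")[0] in detections
    return sorted(t for t in observed if not covered(t))


def build_timeline(report: str) -> list[tuple[str, list[str]]]:
    """Date-stamped lines become (date, [techniques]) entries, sorted by date."""
    entries = []
    for line in report.splitlines():
        m = DATE_LINE_RE.match(line.strip())
        if m:
            entries.append((m.group(1), TTP_RE.findall(m.group(2))))
    return sorted(entries)


def analyze(report: str, detections: set[str] = SOC_DETECTIONS) -> dict:
    text = normalize(report)
    ttps = extract_ttps(text)
    return {"chunks": chunk(text), "iocs": extract_iocs(text), "ttps": ttps,
            "attack": map_to_attack(ttps), "gaps": coverage_gaps(ttps, detections),
            "timeline": build_timeline(report)}


if __name__ == "__main__":
    result = analyze(SAMPLE_REPORT)
    for key in ("iocs", "attack", "gaps", "timeline"):
        print(f"{key}: {result[key]}")
```

The `gaps` list is the actionable output for a SOC: techniques the report shows in use that neither a direct nor a parent-level detection covers. Plugging a local LLM in means feeding `result["chunks"]` to the model to extract TTPs from narrative text that carries no explicit IDs, then passing its output through the same `map_to_attack` and `coverage_gaps` steps so every model-proposed ID is checked against the catalog before it reaches a dashboard.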
By the session’s end, participants will have actionable strategies to implement local LLMs for CTI and improve their organization’s cyber defenses.
CONFidence 2025, 2 June 2025, 15:15–16:00, Kraków.