7 Short Links on Cyber Security Alert Triage Automation

A short listing of research papers I’ve discovered recently that aim to automate or speed up cyber security alert triage (alert prioritization/ranking, causal event correlation, and enrichment).

• NODOZE: Combatting Threat Alert Fatigue with Automated Provenance Triage
• OmegaLog: High-Fidelity Attack Investigation via Transparent Multi-layer Log Analysis
• Towards a Timely Causality Analysis for Enterprise Security
• ProPatrol: Attack Investigation via Extracted High-Level Tasks
• Exploiting Time and Subject Locality for Fast, Efficient, and Understandable Alert Triage
• Deep learning for prioritizing and responding to intrusion detection alerts
• Automated Threat-Alert Screening for Battling Alert Fatigue with Temporal Isolation Forest

–Jason
@jason_trost

The “short links” format was inspired by O’Reilly’s Four Short Links series. This was originally published on my personal blog at covert.io.