This Lightning Talk discusses how Large Language Models (LLMs), embeddings, and clustering can be combined to enhance investigations of cyber threats. Used together, these technologies are meant to address the limitations of GenAI when dealing with extensive forensic datasets. The talk presents a methodology that combines an LLM, an embedding model, and a machine-learning clustering algorithm for data triage, particularly in scenarios such as analyzing command line executions.

Utilizing LLM embeddings and clustering for better investigations

The practical demonstration walks through a Jupyter Notebook to illustrate the technical details and benefits of this approach. Additionally, an open-source tool that automates this method on Windows Event Logs will be introduced, offering users a practical solution for their investigations and a deeper understanding of how these technologies can be harnessed for cybersecurity defense.
https://www.youtube.com/watch?v=fWcgWO-IWuA
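The triage pipeline the abstract describes, as an added example that is not code from the talk or its tool: command lines are turned into vectors, similar ones are grouped, and only one representative per group (plus every singleton) is surfaced for an analyst or an LLM prompt to review. The helpers `embed`, `cosine`, `cluster` and `triage` are hypothetical names; `embed` is a bag-of-tokens stand-in for a real embedding model, and the command lines in `SAMPLE_COMMANDS` are constructed, so the whole thing runs offline.

```python
import math
import re
from collections import Counter

# Constructed sample command lines (not real log data), in the shape of
# Windows process-creation events.
SAMPLE_COMMANDS = [
    r"C:\Windows\System32\svchost.exe -k netsvcs -p",
    r"C:\Windows\System32\svchost.exe -k LocalService -p",
    r"C:\Windows\System32\svchost.exe -k NetworkService -p",
    r"C:\Windows\explorer.exe",
    r"C:\Windows\System32\conhost.exe 0x4",
    r"C:\Windows\System32\conhost.exe 0xffffffff -ForceV1",
    r"C:\Windows\System32\whoami.exe /all",
]

def embed(commands):
    """Stand-in for the embedding model (assumption): a bag-of-tokens vector per
    command line; a real embedding API would return dense vectors instead."""
    tokens = [re.split(r"[\s\\]+", c.lower().strip()) for c in commands]
    vocab = sorted({t for ts in tokens for t in ts})
    return [[float(Counter(ts)[t]) for t in vocab] for ts in tokens]

def cosine(a, b):
    dot = sum(x * y for x, y in zip(a, b))
    norm = math.sqrt(sum(x * x for x in a) * sum(y * y for y in b))
    return dot / norm if norm else 0.0

def cluster(vectors, threshold=0.7):
    """Greedy leader clustering: join the first cluster whose leader is at least
    `threshold` similar, else start a new one; index 0 of each is the leader."""
    clusters = []
    for i, v in enumerate(vectors):
        for members in clusters:
            if cosine(vectors[members[0]], v) >= threshold:
                members.append(i)
                break
        else:
            clusters.append([i])
    return clusters

def triage(commands, threshold=0.7):
    """(representative, size) per cluster, smallest first: singletons are the rare
    command lines to review first; a big cluster is judged from one representative."""
    groups = cluster(embed(commands), threshold)
    return sorted(((commands[g[0]], len(g)) for g in groups), key=lambda x: (x[1], x[0]))
```

On the sample, the three `svchost.exe` lines and the two `conhost.exe` lines collapse into one representative each, while `explorer.exe` and `whoami.exe` come out as singletons at the top of the review list.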