Building Your Own Threat Intel Sink: A Modern Approach with Large Language Models
null Bangalore Meet, 20 July 2024 (Null/OWASP Combined Meet)
Abstract
Traditional threat intelligence platforms often overwhelm analysts with vast amounts of unfiltered data, leading to information overload and insights that are hard to interpret. Querying an LLM directly about security topics causes it to hallucinate, which makes it unreliable: the model was not trained on, and has no access to, the latest threat information. This presentation introduces a modern approach to threat intelligence analysis using large language models (LLMs) such as Google Gemini, combined with free RSS readers and Google Drive. We'll demonstrate how to use an LLM to build a curated dataset of threat intelligence from diverse sources, improving the accuracy and context of the insights it generates. This approach lets analysts obtain personalized, relevant insights and overcomes the limitations of traditional platforms. We'll detail the steps to set up your own LLM-powered threat intel sink using RSS readers like Feedly or The Old Reader, emphasizing its cost-effectiveness and scalability. Additionally, we'll discuss potential limitations and future enhancements, such as integrating private CTI feeds and SIEM systems.
Speaker
Hey there, I am a threat researcher from CloudSEK. I hunt for prominent and rising threats in the threat landscape. I do threat analysis and research, automation, malware research, development of tools that aid automated analysis, and other work that benefits me and my organisation.
Timing
Starts on Saturday, July 20, 2024, at 12:40 PM. The session runs for about 1 month.