IBM Cyber Security Center of Excellence (CCoE)

Beer Sheva

in Collaboration with Ben-Gurion University of the Negev

March 28, 2022 - Threat Investigator application for Cloud Pak For Security SOAR to support security incident automatic tagging based on an algorithm from CCoE

Threat Investigator is part of the SOAR capabilities in IBM Cloud Pak For Security (CP4S). It helps the analyst by running an automatic investigation of security incidents, dramatically reducing investigation time. Starting from CP4S SaaS version 1.11, an NLP algorithm developed in CCoE will automatically suggest tags for a security incident based on the incident's data. Tags can indicate malware names, threat actors, TTPs, and the software and technologies involved in the attack. This helps the analyst quickly understand what happened before starting the manual investigation, and lets the SOC analyze the types of security incidents the organization is facing. It also helps the SOC search and index past incidents, learn about the expertise of the individual SOC analysts, and prioritize incidents based on the assigned tags.
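As an added illustration of what incident tagging enables downstream, the Python below is not the CCoE NLP algorithm (the announcement does not describe its internals) but a simple stand-in tagger: a constructed tag vocabulary plus a MITRE ATT&CK technique-ID pattern. On top of the tags it builds the search index and the tag-based prioritization the text mentions. The vocabulary, the three incident texts, and the priority weights are all constructed for this example.

```python
import re
from collections import defaultdict

# Constructed tag vocabulary, grouped by tag category. A real tagger would
# learn or curate these; here they are hard-coded for the example.
TAG_VOCAB = {
    "malware": ["emotet", "trickbot", "cobalt strike"],
    "threat_actor": ["apt29", "fin7"],
    "technology": ["powershell", "office 365", "vpn"],
}

# ATT&CK technique IDs (T1059 or sub-technique T1059.001) are a TTP tag.
ATTACK_ID = re.compile(r"\bT\d{4}(?:\.\d{3})?\b")

# Constructed priority weights per tag category (assumption for the example):
# a named threat actor outranks a malware family, which outranks a bare TTP.
PRIORITY_WEIGHT = {"threat_actor": 3, "malware": 2, "ttp": 1, "technology": 0}

# Constructed sample incidents (not real CP4S data).
INCIDENTS = {
    "INC-1": "Phishing email delivered Emotet loader; PowerShell used for execution (T1059.001).",
    "INC-2": "Suspicious VPN login from unusual country; no malware observed.",
    "INC-3": "Cobalt Strike beacon attributed to FIN7, lateral movement via T1021.002.",
}


def suggest_tags(incident_text):
    """Return {category: sorted tag values} found in the incident's free text."""
    text = incident_text.lower()
    tags = defaultdict(set)
    for category, names in TAG_VOCAB.items():
        for name in names:
            # Word-boundary match so "vpn" does not fire on "ovpnsvc" etc.
            if re.search(r"\b" + re.escape(name) + r"\b", text):
                tags[category].add(name)
    # Technique IDs are matched on the original text to keep their case.
    for tid in ATTACK_ID.findall(incident_text):
        tags["ttp"].add(tid)
    return {category: sorted(values) for category, values in tags.items()}


def priority_score(tags):
    """Weighted count of tags; higher means the incident should be looked at first."""
    return sum(PRIORITY_WEIGHT[category] * len(values)
               for category, values in tags.items())


def triage_order(incidents):
    """Incident IDs sorted by priority score, highest first (ties keep input order)."""
    scored = [(priority_score(suggest_tags(text)), inc_id)
              for inc_id, text in incidents.items()]
    return [inc_id for _, inc_id in sorted(scored, key=lambda s: -s[0])]


def build_index(incidents):
    """Inverted index (category, tag) -> set of incident IDs, for searching past incidents."""
    index = defaultdict(set)
    for inc_id, text in incidents.items():
        for category, values in suggest_tags(text).items():
            for value in values:
                index[(category, value)].add(inc_id)
    return index


if __name__ == "__main__":
    for inc_id, text in INCIDENTS.items():
        tags = suggest_tags(text)
        print(inc_id, priority_score(tags), tags)
    print("triage order:", triage_order(INCIDENTS))
    print("incidents tagged with T1021.002:", build_index(INCIDENTS)[("ttp", "T1021.002")])
```

The tagger is deliberately naive (exact vocabulary and regex matches) so that the downstream uses, an inverted index over tags and a priority order derived from them, are easy to follow; the quality of the suggested tags, not the index or the scoring, is where the NLP work lies.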