AI-Powered SOC Alert Triage Framework

The AI-Powered SOC Alert Triage Framework addresses critical operational challenges in modern Security Operations Centers (SOCs) by reducing alert fatigue and improving incident response efficiency. Traditional SIEM systems generate thousands of alerts per day, overwhelming security analysts with false positives and repetitive notifications. This project proposes a three-tier intelligent system that integrates the Wazuh SIEM with Machine Learning classification and Large Language Model enrichment. The ML component analyzes historical alert patterns to filter false positives, while the LLM layer provides contextualized summaries, extracts Indicators of Compromise, and generates step-by-step investigation plans. The system features automated alert processing, real-time classification, and a web-based dashboard for visualization and management. By automating routine triage tasks and providing actionable intelligence, the framework lets analysts focus on genuine security threats rather than noise, strengthening organizational cyber resilience and reducing mean time to respond to security incidents.
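The three tiers the abstract describes, as an added illustration that is not the project's own code: tier 1 folds repeated alerts, tier 2 drops likely false positives, and tier 3 enriches what survives with extracted IoCs and an investigation plan. The alert shape is a simplified form of Wazuh's alert JSON, and the rule ids, alerts and analyst-verdict history are all constructed. The project's ML classifier is stood in for by a per-rule false-positive rate computed from that history, and its LLM enrichment by a fixed template; the suppression threshold, minimum level and priority formula are assumptions for the example.

```python
"""Toy three-tier alert triage: collapse repeats, suppress likely noise, enrich the rest.

Added example (not the project's code). Alert shape, rule ids and history are constructed.
"""
import json
import re
from collections import defaultdict

# Tier 3 helper: indicators are pulled from every string field of the alert.
IOC_PATTERNS = {
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "sha256": re.compile(r"\b[a-fA-F0-9]{64}\b"),
    "md5": re.compile(r"\b[a-fA-F0-9]{32}\b"),
}


def _alert(ts, rule_id, level, desc, agent, srcip, log):
    """Build one alert in a simplified Wazuh-style shape (constructed)."""
    a = {"timestamp": ts, "rule": {"id": rule_id, "level": level, "description": desc},
         "agent": {"name": agent}, "full_log": log}
    if srcip:
        a["data"] = {"srcip": srcip}
    return a


SAMPLE_HASH = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"  # SHA-256 of empty input

# Constructed alert batch: three identical ssh failures, one web 4xx, one AV hit, one custom rule.
ALERTS = [
    _alert("2024-05-01T10:00:01Z", "5710", 5, "sshd: login attempt with non-existent user",
           "web01", "203.0.113.7", "Invalid user admin from 203.0.113.7 port 51022"),
    _alert("2024-05-01T10:00:04Z", "5710", 5, "sshd: login attempt with non-existent user",
           "web01", "203.0.113.7", "Invalid user test from 203.0.113.7 port 51030"),
    _alert("2024-05-01T10:00:09Z", "5710", 5, "sshd: login attempt with non-existent user",
           "web01", "203.0.113.7", "Invalid user oracle from 203.0.113.7 port 51041"),
    _alert("2024-05-01T10:02:00Z", "31101", 3, "Web server 4xx error code",
           "web01", "198.51.100.23", '198.51.100.23 - - "GET /favicon.ico" 404'),
    _alert("2024-05-01T10:03:30Z", "87105", 12, "VirusTotal: file flagged as malicious",
           "fileserver", None, "sha256=" + SAMPLE_HASH + " path=/srv/share/invoice.exe"),
    _alert("2024-05-01T10:05:00Z", "100200", 8, "Custom: new local admin account created",
           "dc01", None, "User 'svc_backup' added to Administrators by 'jdoe'"),
]

# Constructed analyst verdicts per rule id: how often each rule was closed as true/false positive.
HISTORY = {"5710": {"tp": 2, "fp": 48}, "31101": {"tp": 0, "fp": 120}, "87105": {"tp": 9, "fp": 1}}


def collapse_repeats(alerts):
    """Tier 1: fold alerts with the same (rule, agent, source) into one with a count."""
    groups = defaultdict(list)
    for a in alerts:
        groups[(a["rule"]["id"], a["agent"]["name"], a.get("data", {}).get("srcip"))].append(a)
    collapsed = []
    for items in groups.values():
        rep = dict(items[0])
        rep["occurrences"] = len(items)
        rep["first_seen"], rep["last_seen"] = items[0]["timestamp"], items[-1]["timestamp"]
        collapsed.append(rep)
    return collapsed


def fp_probability(rule_id, history):
    """Tier 2 stand-in for the ML model: historical false-positive rate of the rule."""
    h = history.get(rule_id)
    if not h or h["tp"] + h["fp"] == 0:
        return 0.5  # unseen rule: no evidence either way, so never auto-suppressed
    return h["fp"] / (h["tp"] + h["fp"])


def extract_iocs(alert):
    """Collect IPv4 addresses and file hashes from all fields of the alert."""
    blob = json.dumps(alert)
    return {kind: sorted(set(pat.findall(blob)))
            for kind, pat in IOC_PATTERNS.items() if pat.search(blob)}


def enrich(alert, p_fp):
    """Tier 3 stand-in for the LLM: summary, IoCs, a templated plan and a priority score."""
    iocs = extract_iocs(alert)
    plan = ["Confirm the activity is not a known-benign pattern for agent %s." % alert["agent"]["name"]]
    if "ipv4" in iocs:
        plan.append("Check reputation and asset inventory for: %s." % ", ".join(iocs["ipv4"]))
    if "sha256" in iocs or "md5" in iocs:
        plan.append("Look up the file hash in threat intelligence and search other hosts for it.")
    plan.append("Review related events on %s between %s and %s." %
                (alert["agent"]["name"], alert["first_seen"], alert["last_seen"]))
    return {"rule_id": alert["rule"]["id"],
            "summary": "%s on %s (%d occurrence(s), level %d)" % (
                alert["rule"]["description"], alert["agent"]["name"],
                alert["occurrences"], alert["rule"]["level"]),
            "priority": alert["rule"]["level"] * (1 - p_fp),  # assumed scoring formula
            "iocs": iocs, "plan": plan}


def triage(alerts, history, noise_threshold=0.9, min_level=7):
    """Run all three tiers; return (analyst queue sorted by priority, suppressed alerts)."""
    queue, suppressed = [], []
    for a in collapse_repeats(alerts):
        p_fp = fp_probability(a["rule"]["id"], history)
        # Rules at or above min_level are never auto-suppressed, whatever the history says.
        if p_fp >= noise_threshold and a["rule"]["level"] < min_level:
            suppressed.append({"rule_id": a["rule"]["id"], "occurrences": a["occurrences"],
                               "p_fp": round(p_fp, 2)})
            continue
        queue.append(enrich(a, p_fp))
    queue.sort(key=lambda e: e["priority"], reverse=True)
    return queue, suppressed


if __name__ == "__main__":
    q, s = triage(ALERTS, HISTORY)
    print(json.dumps({"queue": q, "suppressed": s}, indent=2))
```

With the constructed batch, the three ssh failures collapse to one record and are suppressed along with the 4xx alert, while the AV hit (with its hash extracted) and the custom rule with no history reach the analyst queue in that order. The level floor matters: a classifier trained on past verdicts will happily learn that a noisy high-severity rule is "usually benign", and a hard floor keeps that from silently hiding the one time it is not.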

Keywords: Cyber Security, SOC, Automated SOC, Security Operations Center, AI in Cybersecurity, LLM, Machine Learning, Artificial Intelligence
Tools: Wazuh, PostgreSQL, React, FastAPI, LLAMA3, Uvicorn, Figma, Python
Department: Department of Computer Science
Team Members
Ayesha Tahir (bscs22f17@namal.edu.pk)
Shazia Nazir (bscs22f09@namal.edu.pk)