Hi!
Inspired by the #learningaistudio challenge, I decided to leverage the capabilities of Google AI Studio by building a SOC simulator.
Why a Security Operations Center simulator?
Having a robust Security Operations Center is critical for any organization that aims to become security mature. While the organization as a whole benefits, from a micro perspective it helps the cybersecurity analysts manage alerts properly.
You have probably come across the term alert fatigue. It describes a common and undesirable situation that a well-built SOC can help avoid. Search Google and you'll find plenty of content on this phenomenon.
Using the Build function in Google AI Studio, I gave it this prompt:
Imagine you are a SOC professional with 10 years experience. Build a SOC simulator having capabilities similar to Splunk and Elastic.
Here's what you can find:
- In the left pane there's the alert queue, showing 5 alerts of different severity levels: critical, high, medium and low. Each alert also shows its status: New, Investigating or Resolved.
- At the top, 4 tiles display the number of total alerts, new incidents, critical alerts and high-severity alerts.
- In the center there are the alert title, details and log, plus an AI incident response playbook that lets you check off each step (a massive help for self-organization).
- In the top-right corner of the central pane, the analyst can select the status.
Improvements
While the result is impressive, certain improvements could be made:
- assign a responsible analyst
- classify the alert as a false positive or a true positive
- write an incident report that is reviewed by AI
- export statistics as CSV, PDF or JSON
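As an added example (not code from this post or from the AI Studio app), here is a small JavaScript model of the alert queue, the four dashboard tiles and the status workflow described above, extended with the improvements listed here: an assignee, a true/false-positive verdict and a CSV export. The alert records and the analyst name are constructed sample data, and the allowed status transitions are my assumption about how the workflow should behave.

```javascript
// Queue ranking (critical first) and the status workflow: an alert must be
// investigated before it can be resolved, and a resolved alert stays closed.
const SEVERITY_RANK = { critical: 0, high: 1, medium: 2, low: 3 };
const TRANSITIONS = { New: ["Investigating"], Investigating: ["Resolved"], Resolved: [] };
const VERDICTS = ["true positive", "false positive"];

// Constructed sample queue (five alerts, as in the post), not data from the app.
const SAMPLE_ALERTS = [
  { id: "A-1", title: "Possible credential stuffing on VPN portal", severity: "high", status: "New" },
  { id: "A-2", title: "Ransomware note written to file share", severity: "critical", status: "Investigating" },
  { id: "A-3", title: "Outbound DNS volume spike", severity: "medium", status: "New" },
  { id: "A-4", title: "Workstation antivirus signatures outdated", severity: "low", status: "Resolved" },
  { id: "A-5", title: "Admin login outside business hours", severity: "high", status: "New" },
];

// Queue as the left pane would list it: by severity, then by id.
function orderQueue(queue) {
  return [...queue].sort(
    (a, b) => SEVERITY_RANK[a.severity] - SEVERITY_RANK[b.severity] || a.id.localeCompare(b.id));
}

// The four top tiles: total alerts, new incidents, critical alerts, high-severity alerts.
function tiles(queue) {
  const count = (pred) => queue.filter(pred).length;
  return { total: queue.length, newIncidents: count((a) => a.status === "New"),
           critical: count((a) => a.severity === "critical"), high: count((a) => a.severity === "high") };
}

// Status selector: reject transitions the workflow does not allow (e.g. New -> Resolved).
function setStatus(alert, next) {
  if (!TRANSITIONS[alert.status].includes(next)) {
    throw new Error(`cannot move ${alert.id} from ${alert.status} to ${next}`);
  }
  return { ...alert, status: next };
}

// Suggested improvements: assign a responsible analyst and record a TP/FP verdict.
function triage(alert, assignee, verdict) {
  if (!VERDICTS.includes(verdict)) throw new Error(`unknown verdict: ${verdict}`);
  return { ...alert, assignee, verdict };
}

// Suggested improvement: export the queue as CSV; fields are quoted so commas in titles are safe.
function toCsv(queue) {
  const fields = ["id", "severity", "status", "assignee", "verdict", "title"];
  const quote = (v) => `"${String(v ?? "").replace(/"/g, '""')}"`;
  return [fields.join(","), ...queue.map((a) => fields.map((f) => quote(a[f])).join(","))].join("\n");
}
```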
Final thoughts
It's pretty impressive what you can achieve with Google AI Studio. The AI playbooks are handy, so the responder can fully concentrate on the actions to be taken.
Let me know your thoughts about this!
Now on GitHub:
SOC simulator with playbook
SOC Simulator
Run and deploy your AI Studio app
This contains everything you need to run your app locally.
Run Locally
Prerequisites: Node.js
- npm install
- Set GEMINI_API_KEY in .env.local to your Gemini API key
- npm run dev