Infosec2024 Decoding SentinelOne's AI Threat Hunting Assistant


During Infosecurity Europe 2024, cybersecurity platform provider SentinelOne will showcase how Purple AI, its new assistant tool for cybersecurity professionals, can help speed up the work of skilled analysts and democratize threat hunting for other cyber practitioners.

First, using SentinelOne’s AI-powered product called ‘AI Security Analyst,’ they would ask a question in natural language – in English – about a potential threat. For instance: ‘Am I targeted by UNC1878?’

UNC1878 is the MITRE tracking identifier of a threat group that monetizes network access via the deployment of Ryuk ransomware.

The Purple AI engine pulls data from a proprietary data lake structured according to an open cybersecurity framework standard. Several AI algorithms, including a commercial large language model (LLM) with retrieval-augmented generation (RAG), are then trained on that data lake.

Read More…