{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,2]],"date-time":"2026-04-02T18:57:33Z","timestamp":1775156253195,"version":"3.50.1"},"reference-count":101,"publisher":"MDPI AG","issue":"3","license":[{"start":{"date-parts":[[2025,1,31]],"date-time":"2025-01-31T00:00:00Z","timestamp":1738281600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"Korea government(MSIT)","award":["RS-2024-00402782"],"award-info":[{"award-number":["RS-2024-00402782"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Sensors"],"abstract":"<jats:p>The sophistication of cyberthreats demands more efficient and intelligent tools to support Security Operations Centers (SOCs) in managing and mitigating incidents. To address this, we developed the Security Event Response Copilot (SERC), a system designed to assist analysts in responding to and mitigating security breaches more effectively. SERC integrates two core components: (1) security event data extraction using Retrieval-Augmented Generation (RAG) methods, and (2) LLM-based incident response guidance. This paper specifically utilizes Wazuh, an open-source Security Information and Event Management (SIEM) platform, as the foundation for capturing, analyzing, and correlating security events from endpoints. SERC leverages Wazuh\u2019s capabilities to collect real-time event data and applies a RAG approach to retrieve context-specific insights from three vectorized data collections: incident response knowledge, the MITRE ATT&amp;CK framework, and the NIST Cybersecurity Framework (CSF) 2.0. This integration bridges strategic risk management and tactical intelligence, enabling precise identification of adversarial tactics and techniques while adhering to best practices in cybersecurity. The results demonstrate the potential of combining structured threat intelligence frameworks with AI-driven models, empowered by Wazuh\u2019s robust SIEM capabilities, to address the dynamic challenges faced by SOCs in today\u2019s complex cybersecurity environment.<\/jats:p>","DOI":"10.3390\/s25030870","type":"journal-article","created":{"date-parts":[[2025,1,31]],"date-time":"2025-01-31T09:16:26Z","timestamp":1738314986000},"page":"870","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":7,"title":["Enhancing Security Operations Center: Wazuh Security Event Response with Retrieval-Augmented-Generation-Driven Copilot"],"prefix":"10.3390","volume":"25","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-1131-6011","authenticated-orcid":false,"family":"Ismail","sequence":"first","affiliation":[{"name":"School of Computer Science and Engineering, Pusan National University, Busan 46241, Republic of Korea"}]},{"given":"Rahmat","family":"Kurnia","sequence":"additional","affiliation":[{"name":"SmartM2M Co., Ltd., 701, 702, Building A, Centum Skybiz, 97 Centumjungang-ro, Haeundae-gu, Busan 48058, Republic of Korea"}]},{"given":"Farid","family":"Widyatama","sequence":"additional","affiliation":[{"name":"SmartM2M Co., Ltd., 701, 702, Building A, Centum Skybiz, 97 Centumjungang-ro, Haeundae-gu, Busan 48058, Republic of Korea"}]},{"given":"Ilham Mirwansyah","family":"Wibawa","sequence":"additional","affiliation":[{"name":"SmartM2M Co., Ltd., 701, 702, Building A, Centum Skybiz, 97 Centumjungang-ro, Haeundae-gu, Busan 48058, Republic of Korea"}]},{"given":"Zilmas Arjuna","family":"Brata","sequence":"additional","affiliation":[{"name":"SmartM2M Co., Ltd., 701, 702, Building A, Centum Skybiz, 97 Centumjungang-ro, Haeundae-gu, Busan 48058, Republic of Korea"}]},{"family":"Ukasyah","sequence":"additional","affiliation":[{"name":"SmartM2M Co., Ltd., 701, 702, Building A, Centum Skybiz, 97 Centumjungang-ro, Haeundae-gu, Busan 48058, Republic of Korea"}]},{"given":"Ghitha Afina","family":"Nelistiani","sequence":"additional","affiliation":[{"name":"SmartM2M Co., Ltd., 701, 702, Building A, Centum Skybiz, 97 Centumjungang-ro, Haeundae-gu, Busan 48058, Republic of Korea"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8475-7294","authenticated-orcid":false,"given":"Howon","family":"Kim","sequence":"additional","affiliation":[{"name":"School of Computer Science and Engineering, Pusan National University, Busan 46241, Republic of Korea"}]}],"member":"1968","published-online":{"date-parts":[[2025,1,31]]},"reference":[{"key":"ref_1","unstructured":"(2024, December 16). Closing the Talent Gap: Technological Considerations for SOC Analyst Retention. Available online: https:\/\/solutionsreview.com\/security-information-event-management\/closing-the-talent-gap-technological-considerations-for-soc-analyst-retention."},{"key":"ref_2","unstructured":"(2024, December 16). Homegrown SOC Automation: Pros and Cons|Enterprise Tech News EM360Tech. Available online: https:\/\/em360tech.com\/tech-article\/homegrown-soc-automation-pros-and-cons."},{"key":"ref_3","unstructured":"(2024, December 16). Common SOC Challenges and How to Overcome Them\u2014Sennovate. Available online: https:\/\/sennovate.com\/common-soc-challenges-and-how-to-overcome-them\/."},{"key":"ref_4","unstructured":"(2024, December 16). How to Train Your SOC Staff: What Works and What Doesn\u2019t-SecurityWeek. Available online: https:\/\/www.securityweek.com\/how-train-your-soc-staff-what-works-and-what-doesnt\/."},{"key":"ref_5","doi-asserted-by":"crossref","first-page":"227756","DOI":"10.1109\/ACCESS.2020.3045514","article-title":"Security Operations Center: A Systematic Study and Open Challenges","volume":"8","author":"Vielberth","year":"2020","journal-title":"IEEE Access"},{"key":"ref_6","unstructured":"(2024, December 16). To Rule or Not to Rule: SIEMs and Their False Positives|CSO Online. Available online: https:\/\/www.csoonline.com\/article\/563285\/to-rule-or-not-to-rule-siems-and-their-false-positives.html."},{"key":"ref_7","first-page":"1","article-title":"The Evolution of Security Operations and Strategies for Building an Effective SOC","volume":"5","author":"Kaliyaperumal","year":"2021","journal-title":"ISACA J."},{"key":"ref_8","doi-asserted-by":"crossref","unstructured":"Perera, A., Rathnayaka, S., Perera, N.D., Madushanka, W.W., and Senarathne, A.N. (2021, January 2\u20134). The Next Gen Security Operation Center. Proceedings of the 2021 6th International Conference for Convergence in Technology, I2CT 2021, Maharashtra, India.","DOI":"10.1109\/I2CT51068.2021.9418136"},{"key":"ref_9","unstructured":"Arora, A. (2024, December 15). MITRE ATT&CK vs. NIST CSF: A Comprehensive Guide to Cybersecurity Frameworks; CloudDefense. Available online: https:\/\/www.clouddefense.ai\/mitre-attck-vs-nist-csf\/."},{"key":"ref_10","first-page":"62","article-title":"The Application of MITRE ATT&CK Framework in Mitigating Cybersecurity Threats in the Public Sector","volume":"25","author":"Islam","year":"2024","journal-title":"Issues Inf. Syst."},{"key":"ref_11","doi-asserted-by":"crossref","unstructured":"Stine, K., Quinn, S., Witte, G., and Gardner, R.K. (2020). Integrating Cybersecurity and Enterprise Risk Management (ERM).","DOI":"10.6028\/NIST.IR.8286-draft2"},{"key":"ref_12","unstructured":"Wainwright, T. (2024, December 15). Aligning MITRE ATT&CK for Security Resilience-Security Risk Advisors; Security Risk Advisors. Available online: https:\/\/sra.io\/blog\/the-road-to-benchmarked-mitre-attck-alignment-defense-success-metrics\/."},{"key":"ref_13","unstructured":"Freitas, S., Kalajdjieski, J., Gharib, A., and McCann, R. (2024). AI-Driven Guided Response for Security Operation Centers with Microsoft Copilot for Security. arXiv."},{"key":"ref_14","doi-asserted-by":"crossref","unstructured":"Fysarakis, K., Lekidis, A., Mavroeidis, V., Lampropoulos, K., Lyberopoulos, G., Vidal, I.G.M., i Casals, J.C.T., Luna, E.R., Sancho, A.A.M., and Mavrelos, A. (August, January 31). PHOENI2X\u2013A European Cyber Resilience Framework With Artificial-Intelligence-Assisted Orchestration, Automation and Response Capabilities for Business Continuity and Recovery, Incident Response, and Information Exchange. Proceedings of the 2023 IEEE International Conference on Cyber Security and Resilience (CSR), Venice, Italy.","DOI":"10.1109\/CSR57506.2023.10224995"},{"key":"ref_15","unstructured":"Cado Security (2024, December 18). Best Open Source SOC Tools You Should Use. Available online: https:\/\/www.cadosecurity.com\/wiki\/best-open-source-soc-tools-you-should-use."},{"key":"ref_16","unstructured":"Absoluit (2024, December 18). Building a Powerful Open-Source Security Operations Center (SOC)-Absoluit. Available online: https:\/\/absoluit.com\/building-a-powerful-open-source-security-operations-center-soc\/."},{"key":"ref_17","unstructured":"Wazuh Inc (2024, November 18). Wazuh\u2014Open Source XDR. Open Source SIEM. Available online: https:\/\/wazuh.com\/."},{"key":"ref_18","unstructured":"HG Insights (2024, November 18). Companies Using Wazuh, Market Share, Customers and Competitors. Available online: https:\/\/discovery.hgdata.com\/product\/wazuh."},{"key":"ref_19","doi-asserted-by":"crossref","unstructured":"Younus, Z.S., and Alanezi, M. (2023, January 18\u201320). Detect and Mitigate Cyberattacks Using SIEM. Proceedings of the Proceedings-International Conference on Developments in eSystems Engineering, Istanbul, Turkiye.","DOI":"10.1109\/DeSE60595.2023.10469387"},{"key":"ref_20","unstructured":"OpenAI (2024, November 22). Hello GPT-4o|OpenAI. Available online: https:\/\/openai.com\/index\/hello-gpt-4o\/."},{"key":"ref_21","unstructured":"Mistral AI (2024, November 21). Pixtral Large|Mistral AI|Frontier AI in Your Hands. Available online: https:\/\/mistral.ai\/news\/pixtral-large\/."},{"key":"ref_22","unstructured":"Wiemer, R.D., and Eurecom, M.D. (2024, December 18). Security Operations & Incident Management Knowledge Area Version, Available online: http:\/\/www.nationalarchives.gov.uk\/doc\/open-."},{"key":"ref_23","unstructured":"Khamis, R., and Buallay, A. (2024). Enhancing Cybersecurity with IDS and SIEM Integration Detection. AI in Business: Opportunities and Limitations: Volume 2, Springer Nature."},{"key":"ref_24","unstructured":"Zeinali, S.M. (2016). Analysis of Security Information and Event Management (Siem) Evasion and Detection Method, Tallinn University of Technology."},{"key":"ref_25","doi-asserted-by":"crossref","unstructured":"Cinque, M., Cotroneo, D., and Pecchia, A. (2018, January 15\u201318). Challenges and Directions in Security Information and Event Management (SIEM). Proceedings of the 2018 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW), Memphis, TN, USA.","DOI":"10.1109\/ISSREW.2018.00-24"},{"key":"ref_26","unstructured":"Gartner Peer Insights (2024, December 18). IBM Security QRadar SIEM vs. Wazuh\u2014The Open Source Security Platform 2024|Gartner Peer Insights. Available online: https:\/\/www.gartner.com\/reviews\/market\/security-information-event-management\/compare\/product\/ibm-security-qradar-siem-vs-wazuh-the-open-source-security-platform."},{"key":"ref_27","unstructured":"SourceForge (2024, December 18). IBM QRadar SIEM vs. Splunk Enterprise vs. Wazuh Comparison. Available online: https:\/\/sourceforge.net\/software\/compare\/IBM-QRadar-SIEM-vs-Splunk-vs-Wazuh\/."},{"key":"ref_28","unstructured":"PeerSpot (2024, December 18). IBM Security QRadar vs. Wazuh Comparison 2024|PeerSpot. Available online: https:\/\/www.peerspot.com\/products\/comparisons\/ibm-security-qradar_vs_wazuh."},{"key":"ref_29","unstructured":"Kinney Group (2024, December 18). Splunk vs. QRadar: A SIEM Solution Comparison\u2014Kinney Group. Available online: https:\/\/kinneygroup.com\/blog\/splunk-vs-qradar\/."},{"key":"ref_30","unstructured":"InfosecTrain (2024, December 18). IBM QRadar vs. Splunk SIEM\u2014InfosecTrain. Available online: https:\/\/www.infosectrain.com\/blog\/ibm-qradar-vs-splunk-siem\/."},{"key":"ref_31","unstructured":"TechRepublic (2024, December 18). QRadar vs. Splunk (2023): SIEM Tool Comparison. Available online: https:\/\/www.techrepublic.com\/article\/qradar-vs-splunk\/."},{"key":"ref_32","unstructured":"eWeek (2024, December 18). QRadar vs. Splunk: SIEM Tools Review|eWeek. Available online: https:\/\/www.eweek.com\/security\/splunk-vs-ibm-qradar-siem-head-to-head\/."},{"key":"ref_33","unstructured":"Wazuh, Inc. (2024, December 18). Wazuh Documentation. Available online: https:\/\/documentation.wazuh.com\/current\/index.html."},{"key":"ref_34","unstructured":"Elastic, N.V. (2024, December 18). Elastic Stack: (ELK) Elasticsearch, Kibana & Logstash|Elastic. Available online: https:\/\/www.elastic.co\/elastic-stack."},{"key":"ref_35","unstructured":"teTrain (2024, December 18). Wazuh vs. Other SIEM Tools. Available online: https:\/\/www.tetrain.com\/tetra-blogs\/post\/107\/wazuh-vs-other-siem-tools.html."},{"key":"ref_36","doi-asserted-by":"crossref","unstructured":"\u0160u\u0161kalo, D., Mori\u0107, Z., Red\u017eepagi\u0107, J., and Regvart, D. (2023, January 26\u201327). Comparative Analysis of IBM QRadar and Wazuh for Security Information and Event Management. Proceedings of the 34th DAAAM International Symposium on Intelligent Manufacturing and Automation, Vienna, Austria.","DOI":"10.2507\/34th.daaam.proceedings.014"},{"key":"ref_37","first-page":"301675","article-title":"A Comprehensive Analysis of the Role of Artificial Intelligence and Machine Learning in Modern Digital Forensics and Incident Response Article info","volume":"48","author":"Dunsin","year":"2023","journal-title":"Forensic Sci. Int. Digit. Investig."},{"key":"ref_38","unstructured":"Hays, S., and White, J. (2024). Employing LLMs for Incident Response Planning and Review. arXiv."},{"key":"ref_39","doi-asserted-by":"crossref","unstructured":"Georgiadou, A., Mouzakitis, S., and Askounis, D. (2021). Assessing Mitre ATT&CK Risk Using a Cyber-Security Culture Framework. Sensors, 21.","DOI":"10.3390\/s21093267"},{"key":"ref_40","unstructured":"ExtraHop (2024, December 13). RevealX\u2122 and the MITRE ATT&CK\u00ae Framework: How RevealX Differentiators Fuel Breadth and Depth of MITRE ATT&CK Coverage. Available online: https:\/\/www.extrahop.com\/resources\/revealx-mitre-attack-framework\/."},{"key":"ref_41","unstructured":"Cybereason (2024, December 13). MITRE ATT&CK and Building Better Defenses. Available online: https:\/\/www.cybereason.com\/hubfs\/White%20Papers\/MITRE_ATT&CK_and_Building_Better_Defenses.pdf."},{"key":"ref_42","unstructured":"Att, M. (2024, December 13). Best Practices for MITRE ATT&CK\u00ae Mapping, Available online: http:\/\/www.cisa.gov\/tlp\/.TLP:WHITE."},{"key":"ref_43","unstructured":"Daszczyszak, R., Ellis, D., Luke, S., and Whitley, S. Sponsor: USCYBERCOM TTP-Based Hunting. 2019. Dept. No.: P522; Contract No.: W56KGU-16-C-0010; Project No.: 0718N00A-WF. This Technical Data Deliverable Was Developed Using Contract Funds Under Basic Contract No. W56KGU-18-D-0004. Approved for Public Release; Distribution Unlimited. Public Release Case Number 19-3892. \u00a92020 The MITRE Corporation. All rights reserved. The MITRE Corporation: Annapolis Junction, MD, USA, 2020. Available online: https:\/\/www.mitre.org\/sites\/default\/files\/2021-11\/prs-19-3892-ttp-based-hunting.pdf."},{"key":"ref_44","first-page":"1","article-title":"MITRE ATT&CK: State of the Art and Way Forward","volume":"57","author":"Sadighian","year":"2023","journal-title":"ACM Comput. Surv."},{"key":"ref_45","unstructured":"National Institute of Standards and Technology (2024, December 20). Framework for Improving Critical Infrastructure Cybersecurity, Version 1.1, Available online: http:\/\/nvlpubs.nist.gov\/nistpubs\/CSWP\/NIST.CSWP.04162018.pdf."},{"key":"ref_46","unstructured":"The White House (2024, December 20). Foreign Policy Cyber Security Executive Order 13636|The White House, Available online: https:\/\/obamawhitehouse.archives.gov\/issues\/foreign-policy\/cybersecurity\/eo-13636."},{"key":"ref_47","unstructured":"Chio, C., and Freeman, D. (2018). Machine Learning and Security: Protecting Systems with Data and Algorithms, O\u2019Reilly Media."},{"key":"ref_48","unstructured":"Wu, F., Zhang, Q., Bajaj, A.P., Bao, T., Zhang, N., Wang, R.F., and Xiao, C. (2023). Exploring the Limits of ChatGPT in Software Security Applications. arXiv."},{"key":"ref_49","unstructured":"Pordanesh, S., and Tan, B. (2024). Exploring the Efficacy of Large Language Models (GPT-4) in Binary Reverse Engineering. arXiv."},{"key":"ref_50","unstructured":"NVIDIA (2024, December 22). Optimizing T5 and GPT-2 for Real-Time Inference with NVIDIA TensorRT|NVIDIA Technical Blog. Available online: https:\/\/developer.nvidia.com\/blog\/optimizing-t5-and-gpt-2-for-real-time-inference-with-tensorrt."},{"key":"ref_51","unstructured":"Kim, S., Hooper, C., Wattanawong, T., Kang, M., Yan, R., Genc, H., Dinh, G., Huang, Q., Keutzer, K., and Mahoney, M.W. (2023). Full Stack Optimization of Transformer Inference: A Survey. arXiv."},{"key":"ref_52","unstructured":"Geeky Gadgets (2024, December 22). How Llama-3.3 70B Stacks Up Against GPT-4 and Other AI Models\u2014Geeky Gadgets. Available online: https:\/\/www.geeky-gadgets.com\/llama-3-3-70b-open-source-ai-model\/."},{"key":"ref_53","doi-asserted-by":"crossref","unstructured":"Ferrag, M.A., Alwahedi, F., Battah, A., Cherif, B., Mechri, A., and Tihanyi, N. (2024). Generative AI and Large Language Models for Cyber Security: All Insights You Need. arXiv.","DOI":"10.2139\/ssrn.4853709"},{"key":"ref_54","unstructured":"Aghaei, E. (2024, December 22). ehsanaghaei\/SecureBERT \u00b7 Hugging Face. Available online: https:\/\/huggingface.co\/ehsanaghaei\/SecureBERT."},{"key":"ref_55","doi-asserted-by":"crossref","first-page":"39","DOI":"10.1007\/978-3-031-25538-0_3","article-title":"SecureBERT: A Domain-Specific Language Model for Cybersecurity","volume":"Volume 462","author":"Aghaei","year":"2023","journal-title":"Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST"},{"key":"ref_56","unstructured":"Geeky Gadgets (2024, December 22). Mistral Pixtral 12B Open Source AI Vision Model Released\u2014Geeky Gadgets. Available online: https:\/\/www.geeky-gadgets.com\/mistral-pixtral-12b-ai-vision-model\/."},{"key":"ref_57","unstructured":"Hu, E.J., Shen, Y., Wallis, P., Allen-Zhu, Z., Li, Y., Wang, S., Wang, L., and Chen, W. (2021). LoRA: Low-Rank Adaptation of Large Language Models. arXiv."},{"key":"ref_58","unstructured":"Geeky Gadgets (2024, December 22). Fine Tuning Mistral Pixtral 12B Multimodal AI-Geeky Gadgets. Available online: https:\/\/www.geeky-gadgets.com\/fine-tuning-mistral-pixtral-12b-multimodal-ai\/."},{"key":"ref_59","unstructured":"Gao, Y., Xiong, Y., Gao, X., Jia, K., Pan, J., Bi, Y., Dai, Y., Sun, J., Wang, M., and Wang, H. (2023). Retrieval-Augmented Generation for Large Language Models: A Survey. arXiv."},{"key":"ref_60","unstructured":"NVIDIA (2024, December 16). What is Retrieval-Augmented Generation (RAG)?|NVIDIA. Available online: https:\/\/www.nvidia.com\/en-in\/glossary\/retrieval-augmented-generation\/."},{"key":"ref_61","doi-asserted-by":"crossref","unstructured":"Lin, G., Feng, T., Han, P., Liu, G., and You, J. (2024). Paper Copilot: A Self-Evolving and Efficient LLM System for Personalized Academic Assistance. arXiv.","DOI":"10.18653\/v1\/2024.emnlp-demo.13"},{"key":"ref_62","unstructured":"Li, R., Patel, T., Wang, Q., and Du, X. (2024). MLR-Copilot: Autonomous Machine Learning Research based on Large Language Models Agents. arXiv."},{"key":"ref_63","unstructured":"Wen, H., Wei, Z., Lin, Y., Wang, J., Liang, Y., and Wan, H. (2024). OverleafCopilot: Empowering Academic Writing in Overleaf with Large Language Models. Proceedings of the Applied Data Science Track Paper, Hong Kong University of Science and Technology."},{"key":"ref_64","unstructured":"Fortinet (2023). Meet Fortinet Advisor, a Generative AI Assistant that Accelerates Threat Investigation and Remediation, Fortinet. Available online: https:\/\/www.fortinet.com\/corporate\/about-us\/newsroom\/press-releases\/2023\/fortinet-advisor-a-generative-ai-assistant-accelerating-threat-investigation-and-remediation."},{"key":"ref_65","unstructured":"(2024, December 16). Enhancing Cybersecurity: The Role and Benefits of Open Source SIEM|SubRosa. Available online: https:\/\/subrosacyber.com\/en\/blog\/open-source-siem."},{"key":"ref_66","unstructured":"Yao, S., Zhao, J., Yu, D., Du, N., Shafran, I., Narasimhan, K., and Cao, Y. (2022). ReAct: Synergizing Reasoning and Acting in Language Models. arXiv."},{"key":"ref_67","unstructured":"Han, Z., Gao, C., Liu, J., Zhang, J., and Zhang, S.Q. (2024). Parameter-Efficient Fine-Tuning for Large Models: A Comprehensive Survey. arXiv."},{"key":"ref_68","unstructured":"(2024, December 18). Outshift|Fine-Tuning Methods for LLMs: A Comparative Guide. Available online: https:\/\/outshift.cisco.com\/blog\/llm-fine-tuning-methods-comparative-guide."},{"key":"ref_69","unstructured":"(2024, December 18). Challenges & Limitations of LLM Fine-Tuning|OpsMatters. Available online: https:\/\/opsmatters.com\/posts\/challenges-limitations-llm-fine-tuning."},{"key":"ref_70","doi-asserted-by":"crossref","unstructured":"Wang, X., Wang, Z., Gao, X., Zhang, F., Wu, Y., Xu, Z., Shi, T., Wang, Z., Li, S., and Qian, Q. (2024, January 12\u201316). Searching for Best Practices in Retrieval-Augmented Generation. Proceedings of the 2024 Conference on Empirical Methods in Natural Language Processing, Miami, FL, USA.","DOI":"10.18653\/v1\/2024.emnlp-main.981"},{"key":"ref_71","unstructured":"NVIDIA (2024, December 18). Explainer: What Is Retrieval-Augmented Generation?|NVIDIA Technical Blog. Available online: https:\/\/developer.nvidia.com\/blog\/explainer-what-is-retrieval-augmented-generation\/."},{"key":"ref_72","unstructured":"Xu, H., Wang, S., Li, N., Wang, K., Zhao, Y., Chen, K., Yu, T., Liu, Y., and Wang, H. (2024). Large Language Models for Cyber Security: A Systematic Literature Review. arXiv."},{"key":"ref_73","unstructured":"Tseng, P., Yeh, Z., Dai, X., and Liu, P. (2024). Using LLMs to Automate Threat Intelligence Analysis Workflows in Security Operation Centers. arXiv."},{"key":"ref_74","unstructured":"Eventus Security (2024, December 18). Enhancing Cybersecurity: The Role of AI & ML in SOC and Deploying Advanced Strategies. Available online: https:\/\/eventussecurity.com\/cybersecurity\/soc\/ai-ml\/."},{"key":"ref_75","unstructured":"Red Canary (2024, December 18). GitHub-Redcanaryco\/Atomic-Red-Team: Small and Highly Portable Detection Tests Based on MITRE\u2019s ATT&CK. Available online: https:\/\/github.com\/redcanaryco\/atomic-red-team."},{"key":"ref_76","unstructured":"(2024, December 18). Test Your Defenses with Red Canary\u2019s Atomic Red Team. Available online: https:\/\/redcanary.com\/atomic-red-team\/."},{"key":"ref_77","unstructured":"Landauer, M., Mayer, K., Skopik, F., Wurzenberger, M., and Kern, M. (2024). Red Team Redemption: A Structured Comparison of Open-Source Tools for Adversary Emulation. arXiv."},{"key":"ref_78","unstructured":"Qdrant (2024, December 18). What is Qdrant?-Qdrant. Available online: https:\/\/qdrant.tech\/documentation\/overview\/."},{"key":"ref_79","unstructured":"Qdrant (2024, December 18). GitHub-Qdrant\/Qdrant-Rag-Eval: This Repo Is the Central Repo for All the RAG Evaluation Reference Material and Partner Workshop. Available online: https:\/\/qdrant.tech\/documentation\/overview\/."},{"key":"ref_80","unstructured":"Beijing Academy of Artificial Intelligence (BAAI) (2024, December 18). BAAI\/bge-large-en \u00b7 Hugging Face. Available online: https:\/\/huggingface.co\/BAAI\/bge-large-en."},{"key":"ref_81","first-page":"30233","article-title":"Matryoshka Representation Learning","volume":"35","author":"Kusupati","year":"2022","journal-title":"Adv. Neural Inf. Process. Syst."},{"key":"ref_82","unstructured":"OpenAI (2024, December 18). New and Improved Embedding Model|OpenAI. Available online: https:\/\/openai.com\/index\/new-and-improved-embedding-model\/."},{"key":"ref_83","unstructured":"Burstein, J., Doran, C., and Solorio, T. (2019). BERT: Pre-training of Deep Bidirectional Transformers for Language Understanding. Proceedings of the 2019 Conference of the North American Chapter of the Association for Computational Linguistics: Human Language Technologies, Volume 1 (Long and Short Papers), Association for Computational Linguistics. Available online: https:\/\/aclanthology.org\/N19-1423\/."},{"key":"ref_84","doi-asserted-by":"crossref","unstructured":"Steck, H., Ekanadham, C., and Kallus, N. (2024, January 13\u201317). Is Cosine-Similarity of Embeddings Really About Similarity?. Proceedings of the Companion Proceedings of the ACM on Web Conference 2024, Singapore.","DOI":"10.1145\/3589335.3651526"},{"key":"ref_85","unstructured":"Pinecone (2024, December 23). Vector Similarity Explained|Pinecone. Available online: https:\/\/www.pinecone.io\/learn\/vector-similarity\/."},{"key":"ref_86","doi-asserted-by":"crossref","unstructured":"Guo, K.H. (2024, November 18). Testing and Validating the Cosine Similarity Measure for Textual Analysis. SSRN 2022. Available online: https:\/\/ssrn.com\/abstract=4258463.","DOI":"10.2139\/ssrn.4258463"},{"key":"ref_87","doi-asserted-by":"crossref","unstructured":"Cichonski, P., Millar, T., Grance, T., and Scarfone, K. (2012). Computer Security Incident Handling Guide: Recommendations of the National Institute of Standards and Technology.","DOI":"10.6028\/NIST.SP.800-61r2"},{"key":"ref_88","unstructured":"(2024, November 19). IRM\/EN at Main \u00b7 Certsocietegenerale\/IRM. Available online: https:\/\/github.com\/certsocietegenerale\/IRM\/tree\/main\/EN."},{"key":"ref_89","unstructured":"Diogenes, Y., and Ozkaya, E. (2018). Cybersecurity, Attack and Defense Strategies: Infrastructure Security with Red Team and Blue Team Tactics, Packt Publishing."},{"key":"ref_90","unstructured":"(2024, November 19). Nccic.; Ics-cert. Recommended Practice: Improving Industrial Control System Cybersecurity with Defense-in-Depth Strategies. U.S. Department of Homeland Security, National Cybersecurity and Communications Integration Center (NCCIC), Industrial Control Systems Cyber Emergency Response Team (ICS-CERT): Washington, DC, USA, 2016, Available online: https:\/\/www.cisa.gov\/sites\/default\/files\/publications\/Defense_in_Depth_Strategies_2016.pdf."},{"key":"ref_91","unstructured":"Cybersecurity and Infrastructure Security Agency (CISA) (2024, November 19). Cybersecurity Incident & Vulnerability Response Playbooks: Operational Procedures for Planning and Conducting Cybersecurity Incident and Vulnerability Response Activities in FCEB Information Systems, Available online: http:\/\/www.cisa.gov\/tlp."},{"key":"ref_92","doi-asserted-by":"crossref","unstructured":"Pascoe, C., Quinn, S., and Scarfone, K. (2024). The NIST Cybersecurity Framework (CSF) 2.0.","DOI":"10.6028\/NIST.SP.1304.ipd"},{"key":"ref_93","unstructured":"MITRE Corporation (2024, November 19). MITRE ATT&CK\u00ae. Available online: https:\/\/attack.mitre.org\/."},{"key":"ref_94","unstructured":"LangChain (2024, November 21). How to Split Text by Tokens|LangChain. Available online: https:\/\/python.langchain.com\/docs\/how_to\/split_by_token\/#nltk."},{"key":"ref_95","unstructured":"Wazuh (2024, November 19). Rules\u2014Data Analysis \u00b7 Wazuh Documentation. Available online: https:\/\/documentation.wazuh.com\/current\/user-manual\/ruleset\/rules\/index.html."},{"key":"ref_96","unstructured":"Wazuh (2024, November 21). Event Logging\u2014Wazuh Server \u00b7 Wazuh Documentation. Available online: https:\/\/documentation.wazuh.com\/current\/user-manual\/manager\/event-logging.html."},{"key":"ref_97","first-page":"9459","article-title":"Retrieval-Augmented Generation for Knowledge-Intensive NLP Tasks","volume":"33","author":"Lewis","year":"2020","journal-title":"Adv. Neural Inf. Process. Syst."},{"key":"ref_98","unstructured":"Wazuh (2024, November 21). Vulnerability Detection\u2014Use Cases \u00b7 Wazuh Documentation. Available online: https:\/\/documentation.wazuh.com\/current\/getting-started\/use-cases\/vulnerability-detection.html."},{"key":"ref_99","unstructured":"SOC Fortress (2024, November 22). GitHub\u2014Socfortress\/Playbooks: Playbooks for SOC Analysts. Available online: https:\/\/github.com\/socfortress\/Playbooks."},{"key":"ref_100","unstructured":"Red Canary (2024, November 22). Atomic-Red-Team\/Atomics\/Indexes\/Indexes-Markdown\/index.md at Master \u00b7 Redcanaryco\/Atomic-Red-Team \u00b7 GitHub. Available online: https:\/\/github.com\/redcanaryco\/atomic-red-team\/blob\/master\/atomics\/Indexes\/Indexes-Markdown\/index.md."},{"key":"ref_101","unstructured":"Zhang, T., Kishore, V., Wu, F., Weinberger, K.Q., and Artzi, Y. (2019). BERTScore: Evaluating Text Generation with BERT. arXiv."}],"container-title":["Sensors"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1424-8220\/25\/3\/870\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,9]],"date-time":"2025-10-09T16:25:00Z","timestamp":1760027100000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1424-8220\/25\/3\/870"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,1,31]]},"references-count":101,"journal-issue":{"issue":"3","published-online":{"date-parts":[[2025,2]]}},"alternative-id":["s25030870"],"URL":"https:\/\/doi.org\/10.3390\/s25030870","relation":{},"ISSN":["1424-8220"],"issn-type":[{"value":"1424-8220","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,1,31]]}}}