aaronkaplan / cti-llm

An LLM for CTI reports - to be presented at FIRST Fukuoka 2024
ai cti cybersecurity llms

Overview

This repo contains the code for the presentation of our talk on how to use LLMs for CTI purposes.

Use-cases for LLMs in CTI

In general, there are a couple of use-cases for LLMs in CTI. The most important use cases are:

1) UC 1: Summarization of free-text CTI
2) UC 2: NER (Named Entity Recognition)
3) UC 3: Q&A (answering questions on CTI texts via RAG)
4) UC 4: TTP tagging (extract the TTPs from the text)
5) UC 5: Graph relationship extraction: extract the graph of who did what with which tools against whom, etc. (the "w" questions).

Please note that UC 5 can help the other use-cases. If you have the graph of the relationships in a text, then answering questions (UC 3) becomes easier.

Each use-case has its own subdirectory, please go to the individual subdirs and check their README files.

Dataset attribution

The STIX reports are pulled from the following sources: