Exploring AI/ML Integration for Security Operations Center (SOC) Investigations

In this internship assignment, you will be tasked with researching and exploring potential integrations of AI/ML technologies to enhance Security Operations Center (SOC) investigations. The primary focus will be on leveraging OpenAI-based solutions and investigating the application of machine learning functions within the Kusto Query Language (KQL). This internship will provide you with valuable insights into the world of cybersecurity and artificial intelligence.

Key Objectives:

• Investigate the potential use of AI technologies, particularly those based on OpenAI, to enhance and streamline security investigations within a SOC.
• Explore the integration of machine learning functions available in Kusto Query Language (KQL) for security investigations.
• Gain a deeper understanding of security concepts, mathematics relevant to AI/ML, and the ability to create complex query statements in KQL.

Tasks and Responsibilities:

During your internship, you will be expected to:

• Conduct in-depth research on existing AI/ML technologies and their applications in cybersecurity, with a focus on OpenAI.
• Collaborate with the SOC team to understand their investigation processes and identify areas where AI/ML can add value.
• Experiment with OpenAI-based models and tools to develop proof-of-concept solutions that can assist in security investigations.
• Investigate and document the ML functions and capabilities within Kusto Query Language (KQL) that are relevant to security investigations.
• Develop and present reports or presentations on your findings, including recommendations for the integration of AI/ML technologies in SOC investigations.

Skills/Knowledge Required:

• Basic knowledge of security concepts, including understanding common threats, vulnerabilities, and incident response procedures.
• Proficiency in mathematics, particularly in areas relevant to machine learning algorithms and statistics.
• Ability to create complex query statements in Kusto Query Language (KQL) or a willingness to learn this skill during the internship.
• Strong analytical and problem-solving skills.

Outcome and Deliverables:

• A comprehensive report detailing your research findings, including a review of AI/ML technologies and their potential applications in SOC investigations.
• Proof-of-concept solutions, if applicable, demonstrating the practical use of AI/ML in security investigations.
• Documentation of ML functions within Kusto Query Language (KQL) that can aid in security investigations.