Retrieval-Augmented LLMs for Security Incident Analysis

arXiv:2603.18196v3 Announce Type: replace-cross Abstract: Investigating cybersecurity incidents requires collecting and analyzing evidence from multiple log sources, including intrusion detection alerts, network traffic records, and authentication events. This process is labor-intensive: analysts...