Introduces an evaluation framework for autonomous defense agents hardening commercial EDR, tested in a GOAD lab with Microsoft Defender XDR and two LLMs, revealing three lessons on telemetry design, per-policy attribution, and variable EDR behavior.
True attacks, attack attempts, or benign triggers? An empirical measurement of network alerts in a security operations center
1 Pith paper cites this work. Polarity classification is still indexing.

Fields (1): cs.CR. Years (1): 2026. Verdicts (1): UNVERDICTED. Representative citing papers: 1.

Citing papers explorer:
- Closing the Sim-to-Real Gap: An Evaluation Framework for Autonomous Cyber Defense Configuration of Commercial EDR