An agentic LLM workflow with overview queries, query selection, evidence extraction, and verdict generation achieves significantly higher accuracy on security alert investigation than direct LLM use.
Could SOAR save skills-short SOCs?
1 Pith paper cites this work. Polarity classification is still indexing.
Pith papers citing it: 1
Fields: cs.CR
Years: 2026
Verdicts: UNVERDICTED
Representative citing papers: 1
Citing papers explorer:
Towards Agentic Investigation of Security Alerts