Winning the U.S. Cyber Command AI Alert Data Challenge with Graphs

The US Cyber Command issued a challenge relatable to any team deluged by alerts: How do we sort the signal from the noise? We dig into our winning entry’s surprisingly simple graph AI pipeline, and explore it in the context of security data lake initiatives and generative AI. The ultimate result is an incident linking model for more easily managing and investigating alerts. That means more reliable investigations, and the ability to power more intelligent tools on top. We’ll walk through turning a fusion center’s firehose of real-time alerts into a clear leaderboard of bucketed & linked incidents, and for any incident, automatically generated visual drill downs like interactive GPU-accelerated interactive event graphs. Along the way, we’ll discuss making this into a surprisingly simple and easy-to-use cloud security data lake by combining Databricks, PyGraphistry[AI] GPU graph AI & visualization, and Louie.AI’s LLM-powered conversational interfaces.