Title:
Data-Driven Retrieval-Augmented AI for Security Operations
Poster
Abstract
The University System of New Hampshire (USNH) faces growing alert volumes, placing analysts at increasing risk of alert fatigue and delayed remediation. To address this, we designed and implemented a Retrieval-Augmented Generation (RAG) alert triage system that enriches each alert with contextual user information, device metadata, and behavioral indicators, enabling faster alert response and freeing analysts to prioritize threat hunting. Guided by analyst workflows, we collected raw security logs from Microsoft Azure and Notables from Splunk, normalized and cleaned the data, and integrated them into a unified data framework. Upon alert creation, the relevant contextual data is automatically delivered to USNH’s Deep Thought AI, which generates an analyst-facing report. Initial deployment confirms that alerts are triaged immediately upon creation while the system adheres to regulatory data constraints. These results demonstrate that retrieval-augmented architectures are a viable approach for enhancing security operations workflows while retaining human-in-the-loop decision-making.
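The enrichment pipeline the abstract describes, as an added illustration (this is not the USNH team's code and makes no claim about how Deep Thought AI is called): an Azure sign-in record and a Splunk Notable are normalized into one event schema, the user's recent sign-ins, directory profile and device inventory are retrieved to compute behavioral indicators, and an allowlist strips fields before anything reaches the model. All records, field names (`USER_DIRECTORY`, `DEVICE_INVENTORY`, `MODEL_ALLOWLIST`) and the allowlist policy are constructed assumptions; real Azure sign-in exports and Splunk Notables carry many more fields than shown here.

```python
"""Added example of RAG-style alert enrichment. Constructed data; not USNH code."""
from datetime import datetime, timedelta

# --- Constructed sample inputs (hypothetical records, example.edu tenant) ----
AZURE_SIGNINS = [
    {"userPrincipalName": "jdoe@example.edu", "ipAddress": "198.51.100.20",
     "createdDateTime": "2026-03-30T14:05:00Z",
     "location": {"countryOrRegion": "US"}, "status": {"errorCode": 0},
     "deviceDetail": {"deviceId": "dev-001", "operatingSystem": "Windows 11"}},
    {"userPrincipalName": "jdoe@example.edu", "ipAddress": "203.0.113.7",
     "createdDateTime": "2026-04-01T03:10:00Z",   # failed attempt
     "location": {"countryOrRegion": "RO"}, "status": {"errorCode": 50126},
     "deviceDetail": {"deviceId": "", "operatingSystem": "Linux"}},
    {"userPrincipalName": "jdoe@example.edu", "ipAddress": "203.0.113.7",
     "createdDateTime": "2026-04-01T03:12:00Z",   # success that raised the alert
     "location": {"countryOrRegion": "RO"}, "status": {"errorCode": 0},
     "deviceDetail": {"deviceId": "", "operatingSystem": "Linux"}},
]
USER_DIRECTORY = {"jdoe@example.edu": {"department": "Finance", "title": "Accountant",
                                       "mfa_enrolled": True}}
DEVICE_INVENTORY = {"dev-001": {"owner": "jdoe@example.edu", "managed": True}}
SPLUNK_NOTABLE = {"rule_name": "Sign-in from new country", "user": "JDOE@example.edu",
                  "src": "203.0.113.7", "_time": "2026-04-01T03:15:00Z", "urgency": "high"}

# Assumed policy: only these keys may leave the SOC and reach the model.
# Raw source IPs stay with the analyst-side context and are never sent.
MODEL_ALLOWLIST = {"rule_name", "urgency", "alert_time", "user", "department", "title",
                   "mfa_enrolled", "alert_country", "baseline_countries", "new_country",
                   "failed_signins_7d", "known_managed_devices", "alert_device_managed"}


def _ts(s):
    return datetime.fromisoformat(s.replace("Z", "+00:00"))


def normalize_signin(rec):
    """Map an Azure sign-in record onto the unified event schema."""
    return {"user": rec["userPrincipalName"].strip().lower(),
            "src_ip": rec["ipAddress"], "time": _ts(rec["createdDateTime"]),
            "country": rec["location"]["countryOrRegion"],
            "success": rec["status"]["errorCode"] == 0,
            "device_id": rec["deviceDetail"]["deviceId"] or None}


def normalize_notable(n):
    """Map a Splunk Notable onto the same schema (user identity lower-cased to join)."""
    return {"rule_name": n["rule_name"], "urgency": n["urgency"],
            "user": n["user"].strip().lower(), "src_ip": n["src"], "time": _ts(n["_time"])}


def build_context(notable, signins, users, devices, lookback_days=7):
    """Retrieve the user, device and behavioral context for one alert."""
    alert = normalize_notable(notable)
    since = alert["time"] - timedelta(days=lookback_days)
    events = [e for e in map(normalize_signin, signins)
              if e["user"] == alert["user"] and since <= e["time"] <= alert["time"]]
    alert_events = [e for e in events if e["src_ip"] == alert["src_ip"]]
    # Baseline = successful sign-ins in the window from sources other than the alert's.
    baseline = [e for e in events if e["success"] and e["src_ip"] != alert["src_ip"]]
    baseline_countries = sorted({e["country"] for e in baseline})
    alert_country = alert_events[-1]["country"] if alert_events else None
    alert_device = next((e["device_id"] for e in alert_events if e["device_id"]), None)
    known_devices = sorted({e["device_id"] for e in baseline if e["device_id"]})
    profile = users.get(alert["user"], {})
    return {
        "rule_name": alert["rule_name"], "urgency": alert["urgency"],
        "alert_time": alert["time"].isoformat(), "user": alert["user"],
        "src_ip": alert["src_ip"],                      # analyst-only field
        "department": profile.get("department"), "title": profile.get("title"),
        "mfa_enrolled": profile.get("mfa_enrolled"),
        "alert_country": alert_country, "baseline_countries": baseline_countries,
        "new_country": alert_country is not None and alert_country not in baseline_countries,
        "failed_signins_7d": sum(1 for e in events if not e["success"]),
        "known_managed_devices": [d for d in known_devices if devices.get(d, {}).get("managed")],
        "alert_device_managed": bool(alert_device and devices.get(alert_device, {}).get("managed")),
    }


def redact_for_model(context, allowlist=MODEL_ALLOWLIST):
    """Keep only allowlisted keys; everything else stays in the analyst-side context."""
    return {k: v for k, v in context.items() if k in allowlist}


def render_prompt(model_ctx):
    """Build the report request; the model summarizes, the analyst decides."""
    lines = ["You are assisting a SOC analyst. Summarize this alert and list the",
             "contextual facts that raise or lower concern. Do not take or recommend",
             "containment actions; the analyst makes the decision.", ""]
    lines += [f"{k}: {v}" for k, v in sorted(model_ctx.items())]
    return "\n".join(lines)


if __name__ == "__main__":
    ctx = build_context(SPLUNK_NOTABLE, AZURE_SIGNINS, USER_DIRECTORY, DEVICE_INVENTORY)
    print(render_prompt(redact_for_model(ctx)))
```

The allowlist is the part worth getting right before anything is wired to a model endpoint: it is the only control that decides which of the enriched fields leave the SOC boundary, so it should be reviewed against the data-handling rules the institution is bound by, not derived from whatever the enrichment happens to produce.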
Authors
| First Name | Last Name |
| Sam | Strange |
| Rishal | Khatri |
| Michael | Vinciguerra |
| Dylan | Royle |
| Dean | Marx |
| Caleb | Rockwell |
| Ben | Spiller |
| Abigail | Miller |
| Tyler | Geffrard |
Submission Details
Conference URC
Event Interdisciplinary Science and Engineering (ISE)
Department Computer Science (ISE)
Group Computer Science- Data Science
Added April 20, 2026, 2:55 p.m.
Updated April 20, 2026, 2:58 p.m.