DeepSeek do the Seeking: Introduction “SOAR+AIng”
Ashish Bansal
Security Engineering - SIEM, SOAR, Detection Engineering | Wazuh Expert | OSINT - Threat Intel & Darkweb | Built Security for Fintech & E-commerce Startups | Open Source Geek & Contributor | Passionately Curious
In today’s fast-evolving cybersecurity landscape, automation is no longer just about wiring up workflows and integrations; it is about reimagining the entire decision-making process to minimise human effort.
I do agree that Security Orchestration, Automation and Response (SOAR) has taken Incident Response (IR) to another level by enabling workflows and integrations, but then what..?
It still falls short of eliminating noise. Often it functions merely as middleware for ticket assignment and record keeping: the tickets are then passed on to analysts for further triage and escalation.
Ahh.. that.. hurts!
In December 2022, I began working on several proof-of-concepts (POCs) focused on automating detection rules using OpenAI. I even wrote an article titled ‘Detection Engineering Automation’, which obviously upset a few people, hehe.. but let’s move on to the next section.
Let’s enter the word of latest AI thing in market DeepSeek AI , a family of large language models (LLMs) similar to OpenAI’s GPT or Google’s Gemini. It is designed for various natural language processing (NLP) tasks such as text generation, summarisation and reasoning.
Some variants of DeepSeek are fine-tuned for specific domains, like coding or security analysis and can run locally using Ollama i.e. a free, open-source tool that allows users to run large language models (LLMs) on your local systems.
Ollama creates an isolated environment to run LLMs locally on your system that includes all the necessary components for deploying AI models, for example: LLM Model weights it’s configurations and etc.
Examples of DeepSeek Models: Refer to this link
For this demo I’ll be using a smaller version of the DeepSeek model with 1.5b parameters, which my Intel-chip MacBook can handle :( but you can try bigger models with up to 671b parameters.
Steps to perform:
1. Download: `ollama pull deepseek-r1:1.5b`
2. To run: `ollama run deepseek-r1:1.5b`
3. You can use the terminal to interact with the model via prompts, and can also view the installed models with `ollama list`
Using an LLM such as DeepSeek can enable SIEM/SOAR solutions not just to react, but to proactively seek, analyse, triage and respond to threat alerts.
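As an added illustration of that idea (example code written for this edit, not code from the article or from its upcoming Part 2), the Python snippet below shows one shape a SOAR playbook step could take once the model from the steps above is running: it wraps a constructed SIEM alert in a prompt, sends it to the local model through Ollama’s HTTP API, strips the `<think>` reasoning block that deepseek-r1 emits, and validates the JSON verdict so that anything malformed is routed to a human instead of being auto-closed. The endpoint `http://localhost:11434/api/generate` (Ollama’s default), the model name `deepseek-r1:1.5b` and the alert contents are assumptions and constructed sample data; the `generate` parameter lets the step run against a stub without a live server.

```python
import json
import re
import urllib.request

# Assumptions: Ollama's default local endpoint and the model pulled in the steps above.
OLLAMA_URL = "http://localhost:11434/api/generate"
MODEL = "deepseek-r1:1.5b"

VALID_VERDICTS = {"true_positive", "false_positive", "needs_human"}
VALID_SEVERITIES = {"low", "medium", "high"}

# Constructed sample alert, shaped like what a SIEM would hand to a SOAR playbook step.
SAMPLE_ALERT = {
    "rule": "Multiple failed SSH logins followed by a successful login",
    "host": "prod-bastion-01",
    "user": "deploy",
    "source_ip": "203.0.113.45",
    "failed_attempts": 27,
    "window_seconds": 90,
}


def build_triage_prompt(alert: dict) -> str:
    """Ask for a fixed JSON shape so the playbook can act on the answer mechanically."""
    return (
        "You are assisting a SOC analyst. Triage the alert below.\n"
        "Reply with ONLY a JSON object with the keys: "
        "verdict (true_positive | false_positive | needs_human), "
        "severity (low | medium | high), reason (one sentence).\n\n"
        "Alert:\n" + json.dumps(alert, indent=2) + "\n"
    )


def call_ollama(prompt: str, model: str = MODEL, url: str = OLLAMA_URL) -> str:
    """Send a non-streaming generate request to the local Ollama server."""
    body = json.dumps({"model": model, "prompt": prompt, "stream": False}).encode()
    req = urllib.request.Request(url, data=body, headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=120) as resp:
        return json.load(resp)["response"]


def strip_reasoning(text: str) -> str:
    """deepseek-r1 prints its chain of thought inside <think>...</think>; drop it before parsing."""
    return re.sub(r"<think>.*?</think>", "", text, flags=re.DOTALL).strip()


def _escalate(reason: str) -> dict:
    """Safe default: an unusable answer is handed to an analyst, never auto-closed."""
    return {"verdict": "needs_human", "severity": "medium", "reason": reason}


def parse_triage_response(text: str) -> dict:
    """Pull the JSON object out of the model output and validate every field."""
    match = re.search(r"\{.*\}", strip_reasoning(text), flags=re.DOTALL)
    if not match:
        return _escalate("model output contained no JSON object")
    try:
        data = json.loads(match.group(0))
    except json.JSONDecodeError:
        return _escalate("model output was not valid JSON")
    if not isinstance(data, dict):
        return _escalate("model output was not a JSON object")
    verdict = data.get("verdict")
    severity = data.get("severity")
    return {
        "verdict": verdict if verdict in VALID_VERDICTS else "needs_human",
        "severity": severity if severity in VALID_SEVERITIES else "medium",
        "reason": str(data.get("reason", "no reason given")),
    }


def triage_alert(alert: dict, generate=call_ollama) -> dict:
    """One playbook step: prompt -> model -> validated verdict the SOAR can route on."""
    return parse_triage_response(generate(build_triage_prompt(alert)))


if __name__ == "__main__":
    # Requires the Ollama server (e.g. started by `ollama run deepseek-r1:1.5b`) to be listening locally.
    print(json.dumps(triage_alert(SAMPLE_ALERT), indent=2))
```

The design point is the strict contract around the model: it may only answer in a known shape, unknown verdicts or unparseable text become `needs_human`, and the playbook would auto-close only a validated `false_positive`, keeping the model’s reason alongside the ticket for audit.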
Posting Part-2 soon, with all the required hands-on.
Of course, it's not a magic bullet and requires proper tuning, but let's explore what we can achieve in my next article in the "SOAR-ING" series!
Medium Blog for deeper insights: https://medium.com/@ashishsecdev/deepseek-do-the-seeking-introduction-soar-aing-3a5cf3493101
If you need any recommendations, don’t hesitate to reach out to me.
~AshishSecDev
Kredivo Group | OSCP | CRTP | eWPTXv2 | SRT
1 month: Very helpful
Senior Security Engineer at Vonage | Ericsson
1 month: Very helpful and insightful