Applied result detail

PREACT TM05000014-V2: Threat Model Hub

HOLKOVIČ, M.; RYŠAVÝ, O.; BURGETOVÁ, I.; RYCHLÝ, M.; MATOUŠEK, P.

Original title

PREACT TM05000014-V2: Threat Model Hub

Type

Software

Abstract

The result is the software system Threat Model Hub, developed within the PREACT project: a centralized cloud platform for the collection, processing, and analysis of cybersecurity telemetry across multiple organizations. The system ingests anonymized security events from distributed Edge IoC Processors, performs cross-customer correlation over non-private indicators of compromise, and generates global threat intelligence. The main contribution of the result is enabling collaborative, privacy-preserving threat intelligence at scale. The platform aggregates data from multiple independent environments and applies processing pipelines, including validation, filtering, quota enforcement, and scoring mechanisms, to ensure high data quality and operational stability. Threat Model Hub provides key functionalities such as global maliciousness scoring of entities (e.g., IP addresses), identification of significant attackers, and propagation of intelligence back to customer environments to improve local detection and response. The system also includes governance mechanisms for evaluating data quality and mitigating misconfigured or noisy inputs through adaptive filtering rules and quotas. An integral part of the solution is the generation of context reports that enrich detected events with additional intelligence and provide analyst-oriented explanations using Large Language Models (LLMs). This improves incident understanding, prioritization, and response efficiency. The result has been implemented as a cloud-native, microservice-based system with a scalable architecture, strong tenant isolation, and privacy-by-design principles. It was experimentally validated through integration with Flowmon ADS and the Edge IoC Processor, demonstrating end-to-end functionality including data ingestion, scoring, intelligence propagation, and explainability workflows.
The Threat Model Hub is intended for further development and deployment as a core component of advanced cybersecurity platforms focused on global threat detection, correlation, and intelligence sharing.

Keywords

cybersecurity; threat intelligence; anomaly detection; privacy-preserving data processing; edge computing; network traffic analysis; explainable AI; security event processing; data anonymization; incident analysis

License fee

The result is used by its owner.