Coursera Spring Sale
40% Off Coursera Plus Annual!
Grab it
Learn to automate the transformation of cyber threat intelligence reports into actionable battlecards through this conference talk from Recon Village at DEFCON 33. Discover how CTI-Agent, an agentic system developed by Principal Security Researcher Mohamed Nabeel from Palo Alto Networks, addresses the challenge of converting human-readable threat intelligence reports into machine-actionable security intelligence. Explore the complete automated pipeline that monitors new reports from reputable sources, extracts structured CTI using large language models and signature-based methods, validates and enriches data, clusters related reports, and synthesizes everything into concise operational battlecards for security teams. Master advanced techniques including LLM prompting with Chain-of-Thought reasoning, Retrieval Augmented Generation (RAG) tailored for security intelligence, and multi-agent planning patterns like ReAct and reflection. Understand how to combine graph and text embeddings with unsupervised learning to fuse multiple, inconsistent, and conflicting reports into unified threat campaign views. Gain practical insights into designing effective LLM prompts for CTI extraction and summarization, building RAG pipelines for threat intelligence, using agentic patterns for task planning and intelligence validation, and combining LLM-based extraction with signature-based methods for enhanced precision and coverage. Learn to generate and fuse embeddings for clustering related threat reports, automatically produce high-signal battlecards for immediate SOC and IR team operationalization, and implement guardrails and evaluation methodologies to maintain robust, safe, and measurable multi-agent CTI systems over time through live demonstrations and practical deployment lessons.
