Abstract
Priya Rajan
Traditional Security Information and Event Management (SIEM) platforms rely heavily on rule-based correlation, often leading to alert fatigue and missed advanced threats. This paper presents an AI-augmented SIEM architecture that integrates unsupervised learning and clustering techniques to enhance threat detection, correlation, and alert prioritization. Using a dataset of over 30 million anonymized logs from an enterprise network—including authentication records, DNS queries, and system events—we apply autoencoders for anomaly detection and density-based clustering (DBSCAN) for grouping related events. Our system integrates these models into the Splunk SIEM via Python SDK and real-time data pipelines. Compared to a baseline rule-only system, false positives are reduced by 41%, and average analyst triage time is shortened by 29%. Critical incident detection accuracy improves due to context-aware enrichment with external threat intelligence sources. The architecture also supp
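To make the event-grouping step concrete, the following is an added example (not code from the paper or its Splunk integration) of density-based clustering collapsing related alerts into single incidents: a minimal pure-Python DBSCAN run over constructed alert records, where the feature scaling and the `eps`/`min_pts` values are assumptions chosen for illustration. The autoencoder scoring and threat-intelligence enrichment stages described in the abstract are not shown.

```python
from math import sqrt

# Constructed sample alerts (not drawn from the paper's dataset): each is
# (event_id, source_host_index, minutes_since_midnight, failed_auth_count).
ALERTS = [
    ("a1", 1, 600, 5), ("a2", 1, 602, 6), ("a3", 1, 604, 7), ("a4", 1, 606, 5),
    ("b1", 2, 900, 1), ("b2", 2, 903, 2), ("b3", 2, 905, 1),
    ("c1", 3, 1300, 40),   # isolated burst with no dense neighbourhood
]

def features(alert):
    # Scale dimensions so "related" means same host, close in time and
    # similar failure volume; the weights are an assumption for this example.
    _, host, minute, fails = alert
    return (host * 10.0, minute / 5.0, fails / 10.0)

def dist(p, q):
    return sqrt(sum((a - b) ** 2 for a, b in zip(p, q)))

def dbscan(points, eps, min_pts):
    # Returns one label per point; -1 marks noise (no dense neighbourhood).
    n = len(points)
    labels = [None] * n
    cluster = 0
    for i in range(n):
        if labels[i] is not None:
            continue
        neigh = [j for j in range(n) if dist(points[i], points[j]) <= eps]
        if len(neigh) < min_pts:
            labels[i] = -1          # not a core point; may become a border point
            continue
        labels[i] = cluster
        queue = [j for j in neigh if j != i]
        while queue:
            j = queue.pop()
            if labels[j] == -1:
                labels[j] = cluster  # border point reached from a core point
            if labels[j] is not None:
                continue
            labels[j] = cluster
            nj = [k for k in range(n) if dist(points[j], points[k]) <= eps]
            if len(nj) >= min_pts:  # core point: keep expanding the cluster
                queue.extend(k for k in nj if labels[k] in (None, -1))
        cluster += 1
    return labels

def group_alerts(alerts, eps=1.5, min_pts=3):
    # Map each cluster label to the alert ids it absorbs; -1 holds singletons.
    labels = dbscan([features(a) for a in alerts], eps, min_pts)
    groups = {}
    for alert, lab in zip(alerts, labels):
        groups.setdefault(lab, []).append(alert[0])
    return groups
```

Eight raw alerts become two incident groups plus one unclustered event, which is the reduction in triage volume the clustering stage is meant to deliver; the noise label is a cue for separate review, not an anomaly verdict.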