Speaker

Aytek Aytemur

Blue Team Engineer at Picus Security

Aytek Aytemur has been actively engaged in cybersecurity since 2020, beginning his journey as a freelance developer specializing in Sigma and YARA rules for the SOC Prime Threat Detection platform, where he contributed over 235 detection rules. His professional background encompasses areas such as detection engineering, threat research, and security R&D.

Currently, Aytek is a Blue Team Engineer at Picus Security. He focuses on Continuous Threat Exposure Management (CTEM), strengthening cybersecurity defenses, and deploying cutting-edge endpoint security solutions. He also plays a critical role in automating processes and pioneering innovative threat-hunting methodologies.

Beyond his technical roles, Aytek is deeply committed to studying emerging threats and devising effective mitigation strategies. He strives to advance the cybersecurity landscape through a combination of technical expertise, strategic insights, and a passion for creating safer digital environments.

PERSEPTOR: Automating Detection Rule Generation with AI-Driven Threat Intelligence

In an era of rapidly evolving cyber threats, organizations face constant challenges in detecting and mitigating sophisticated attacks.
Staying ahead of adversaries demands not only robust defense mechanisms but also intelligent systems capable of transforming raw threat data into actionable intelligence.

PERSEPTOR is a cutting-edge threat intelligence project designed to streamline the process of extracting actionable insights from diverse threat reports.
Leveraging state-of-the-art LLMs and the LangChain framework, PERSEPTOR autonomously summarizes threat reports, identifies TTPs, extracts IoCs, and generates Sigma and YARA rules using AI-driven mechanisms to minimize false positives.

The project also provides tailored query recommendations for various cybersecurity products, enhancing its practical adaptability across different operational environments.

PERSEPTOR specializes in automating detection content creation and prioritization, enabling Blue Teamers, SOC Analysts, Incident Responders, Threat Hunters, and Threat Detection Engineers to efficiently organize and implement detection rules.

Through real-time analysis, PERSEPTOR empowers these teams to effectively prioritize threats and optimize response strategies, significantly enhancing their ability to detect and mitigate emerging cyber threats.

This presentation delves into the conceptualization, development, and implementation of PERSEPTOR, highlighting its modular architecture, advanced AI-driven functionalities, and transformative impact on modern cybersecurity operations. Furthermore, the presentation will discuss the applicability of PERSEPTOR in cybersecurity operations through various use case examples.

BSides Prishtina 2025 Sessionize Event

April 2025 Pristina, Kosovo
