arXiv – CS AI
From Attack Simulation to SIEM Rule: Deterministic Detection-as-Code Synthesis with Probe-Level Traceability
Researchers present a deterministic synthesis method that automatically converts findings from attack simulation tools into SIEM detection rules, eliminating manual translation work. The system uses a 23-template library indexed by OWASP categories to map security probe findings to Sigma rules with full traceability to originating attacks, achieving 100% parseability across multiple backends.