As the defending side, blue teams have many different perspectives when it comes to responding to cybersecurity incidents compared to the red team. Besides considering the analysis's accuracy under a large amount of log data, blue teams also have more emphasis on response time and costs due to the needs of complying with government policies and regulations.

CyCraft has conducted extensive research on using Machine Learning techniques in investigations of large-scale cybersecurity incidents, and has incorporated AI into various scenarios, including endpoint event correlation, CmdGPT analysis of Cmdline, and automatic forensic report generation. Since last year, we have incorporated a new generation of large language models into our blue team AI assistant for automatic incident response and issue management. In this talk, the speaker will share our practical experiences and exclusive insights on how cybersecurity teams can properly use AI, and share some actual case studies.