TicketGenesis: LLM-Driven Compliance Evidence Extraction and Auto-Assignment Engine
Keywords:
LLM, compliance automation, IaC diffs, SIEM, ISO 27001, JIRA integration
Abstract
TicketGenesis is presented as an automated framework that tracks compliance and fixes problems with the help of an LLM-based system that emphasizes security and auditing. It integrates sources such as IaC diffs, SIEM telemetry, and application logs, which are merged to develop semantic ISO 27001, SOC 2, and PCI-DSS control clauses. Self-evolving reinforcement classifiers assign severity and create JIRA tickets.