Organizations across all sectors face a growing number of cyber incidents that can jeopardize their financial stability, reputation, and operational resilience. Understanding the evolving landscape of these incidents requires not only identifying the targeted organizations, but also contextualizing them within their broader business and geopolitical environments. This study proposes a novel multi-agent system designed to automate the extraction and integration of firmographic data for organizations affected by real-world cyber incidents. The system is based on a multi-agent workflow provided by LangGraph, where each stage processes and forwards intermediate results, thereby enabling a pipeline in which the information is progressively enriched. Ultimately, the outputs are aggregated to generate a single coherent response. The agents extract basic information about the victim, identify their website, and enrich their profile using external data sources, including Google, RocketReach, DBpedia, and BigPicture. The system was tested with real cyber incidents that impacted companies, as reported by Industrial Control System Security, Threats, Regulations, Incidents, Vulnerabilities provided by Experts (ICS STRIVE) and European Repository of Cyber Incidents (EuRepoC), demonstrating its ability to extract victim names and retrieve firmographic attributes with high completeness and confidence. This automatic profiling approach provides valuable input for cyber threat intelligence and enables more informed decision-making when analyzing attackers’ motivations and risk exposure.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Using LLM Agents for Data Integration in Cybersecurity Incidents

  • Natalia Madrueño,
  • Jaime Rueda,
  • Javier García-Ochoa,
  • Alberto Fernández-Isabel,
  • Isaac Martín de Diego,
  • Romy R. Ravines

摘要

Organizations across all sectors face a growing number of cyber incidents that can jeopardize their financial stability, reputation, and operational resilience. Understanding the evolving landscape of these incidents requires not only identifying the targeted organizations, but also contextualizing them within their broader business and geopolitical environments. This study proposes a novel multi-agent system designed to automate the extraction and integration of firmographic data for organizations affected by real-world cyber incidents. The system is based on a multi-agent workflow provided by LangGraph, where each stage processes and forwards intermediate results, thereby enabling a pipeline in which the information is progressively enriched. Ultimately, the outputs are aggregated to generate a single coherent response. The agents extract basic information about the victim, identify their website, and enrich their profile using external data sources, including Google, RocketReach, DBpedia, and BigPicture. The system was tested with real cyber incidents that impacted companies, as reported by Industrial Control System Security, Threats, Regulations, Incidents, Vulnerabilities provided by Experts (ICS STRIVE) and European Repository of Cyber Incidents (EuRepoC), demonstrating its ability to extract victim names and retrieve firmographic attributes with high completeness and confidence. This automatic profiling approach provides valuable input for cyber threat intelligence and enables more informed decision-making when analyzing attackers’ motivations and risk exposure.