I am a cyber security professional who is curious about using the RASA platform to create a bot that will provide a user friendly interface for a SIEM platform. I am an Elastic developer that focuses on log analytics and threat hunting techniques. My reason for choosing RASA is to provide analyst with a natural language interface that can assist in dealing with the large amounts of alerts produced by security systems, and giving quick access through rest api for both the Elastic Stack and other integrated services. Anyone else work in infosec using RASA?
I have a question! Сan the creation of one bot provides control over all security systems. In my opinion, this is not reliable, as some security organizations employ a huge number of employees performing many functions. It is quite difficult to quickly detect an emerging threat and signal danger, and I would not like to think that my system is guarded by a bot provided by the organization.