Command and Control Playbook Demo (Benign Activity) | AI-Powered SOAR

In this video, I demonstrate the Command and Control stage of my Final Year Project, where a benign or legitimate activity involving trusted tools is analysed to distinguish it from real threats.

The system detects this activity using LimaCharlie EDR, which monitors process execution and network communication. The event is then analysed using an AI-based model (GPT-powered decision engine) to determine whether the behaviour is malicious or benign.

Once classified as a false positive, the playbook does not trigger any containment action and instead logs the event while sending an informational alert via Slack to notify the SOC team.
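The decision step described above, as an added example that is not code from the project or the video: an EDR detection is paired with an AI verdict and routed to logging plus an informational Slack message (benign), to containment (malicious), or to an analyst when the verdict's confidence is too low to act on automatically. The event fields, the `classify` stub standing in for the GPT call, the action names and the confidence floor are all assumptions.

```python
"""Playbook decision step: route an EDR detection on an AI verdict."""
from dataclasses import dataclass

CONFIDENCE_FLOOR = 0.85  # assumption: below this, never auto-decide


@dataclass
class Detection:
    sensor_id: str
    process: str
    dest: str       # remote host:port the process connected to
    cmdline: str


@dataclass
class Verdict:
    label: str      # "benign" or "malicious"
    confidence: float
    reason: str


# Constructed sample: a trusted tool making an outbound HTTPS connection.
SAMPLE = Detection("sensor-01", "msedge.exe", "203.0.113.10:443",
                   "msedge.exe --type=renderer")


def classify(event: Detection) -> Verdict:
    """Stand-in for the GPT-powered decision engine (assumption)."""
    trusted = {"msedge.exe", "chrome.exe", "teams.exe"}
    if event.process in trusted and event.dest.endswith(":443"):
        return Verdict("benign", 0.95, "trusted tool, HTTPS egress")
    return Verdict("malicious", 0.90, "unrecognised process beaconing")


def triage(event: Detection, verdict: Verdict) -> list[str]:
    """Return the playbook actions; every event is logged regardless."""
    actions = [f"log:{event.sensor_id}:{event.process}"]
    confident = verdict.confidence >= CONFIDENCE_FLOOR
    if verdict.label == "benign" and confident:
        actions.append(f"slack_info:{verdict.reason}")   # no containment
    elif verdict.label == "malicious" and confident:
        actions += [f"isolate:{event.sensor_id}", f"slack_alert:{verdict.reason}"]
    else:
        actions.append("escalate_to_analyst")  # uncertain: a human decides
    return actions


if __name__ == "__main__":
    print(triage(SAMPLE, classify(SAMPLE)))
```

The third branch is the check a practitioner would want: a low-confidence "benign" verdict should not silently suppress an alert, and a low-confidence "malicious" verdict should not isolate a host on its own.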

⚡Key Highlights:

* Detection of normal/benign activity
* AI-based classification to reduce false positives
* No unnecessary automated response triggered
* Intelligent decision-making for accurate triage
* Improved SOC efficiency by reducing alert fatigue

🎯 This playbook is part of my project:
“Evaluating the Effectiveness of AI-Powered SOAR Workflows in Reducing Incident Response Time and Analyst Workload.”

💡 The goal is to accurately differentiate between real threats and normal activity, ensuring analysts focus only on critical incidents.

#CyberSecurity #SOAR #SOC #EDR #Automation #AI #CommandAndControl #FalsePositive #ThreatDetection #blueteam #Limacharlie #tines #openai

@TinesHQ
@OpenAI

For more information contact: ishayan007@outlook.com

Video: Command and Control Playbook Demo (Benign Activity) | AI-Powered SOAR, from the channel Shayan Shahid