ML-Enhanced SOAR Framework for Proactive Threat Response in Managed Security Operations

Security Operations Centers today grapple with overwhelming alert volumes, fragmented toolchains, and manual response processes that impede timely threat containment. Analysts must pivot between multiple SIEM and EDR consoles, manually enrich indicators, and open tickets one by one, introducing delays that adversaries exploit to dwell undetected. Moreover, static severity tags lack the nuance to prioritize truly critical events, while developing and maintaining effective response playbooks is laborious and error-prone.
This project, in collaboration with GlassHouse Systems and the University of Guelph, will deliver:
• A unified SOAR integration layer that normalizes alerts and actions across all client SIEM, EDR, threat-intelligence, and ticketing systems;
• An ML-powered risk-scoring service trained on historical incident outcomes and enriched threat data to assign every alert a dynamic priority score;
• Automated response workflows that invoke the ML scores to escalate high-risk threats, retire low-risk noise, and guide analysts through ambiguous cases with complete context.
By embedding machine learning at the core of playbook orchestration, this research will shorten mean-time-to-detect (MTTD) and mean-time-to-respond (MTTR), reduce false-positive workloads, and establish a reproducible, metrics

Faculty Supervisor:

Ali Dehghantanha

Student:

Partner:

GlassHouse Systems

Discipline:

Computer science

Sector:

Manufacturing; Professional, scientific and technical services

University:

University of Guelph

Program:

Accelerate