This workshop offers a hands-on presentation of two open-source tools from the CyFORT project, bridging the gap between state-of-the-art academic research and real-world SOC/CSIRT operations: IDPS-ESCAPE, a SOAR platform with an AI-driven anomaly detection toolbox (ADBox), and SATRAP, a platform for computer-aided analysis of Cyber Threat Intelligence (CTI) assisted by logic-based automated reasoning.
Participants will learn how to integrate an open-source SIEM (Wazuh) with ADBox and its Multivariate Time-Series Anomaly Detection via Graph Attention Networks (MTAD-GAT) algorithm; how to configure anomaly detectors by training new ML models and running them on data ingested at the SIEM level to respond to adversarial attacks; and how to automate response workflows. They will also gain hands-on experience setting up a CTI knowledge base and streamlining CTI analysis investigations using the CTI Analysis Toolbox of SATRAP.