This repository contains the source code and experimental data for the research paper: "An Intelligent Plug-In Playable Orchestration Model that Combines Gen-AI Prompting, RAG and Agentic AI for Efficient Cybersecurity Operations"
Read the full paper on IEEE Xplore »
This project involves the development of intelligent plugins designed to improve prompt rewording and generate Kusto Query Language (KQL) queries. By leveraging Retrieval-Augmented Generation (RAG) and agentic AI techniques, the plugins can either construct queries from scratch or refine them based on contextual information retrieved dynamically. The solution is tailored for integration into advanced AI copilots and security-focused platforms, enabling streamlined, context-aware query generation and natural language interactions for enhanced threat investigation and data analysis workflows.
Find the OpenAPI specification URL here.
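To make the plugin's two modes concrete (build a KQL query from scratch, or refine an existing one with retrieved context), here is a small added illustration that is not part of this repository or the paper's implementation. The knowledge base, the keyword-overlap retriever (a stand-in for the embedding search and LLM a real RAG pipeline would use), the table names, the templates and the function names are all constructed for the example; the point it adds is that generated queries are grounded in retrieved schema context and pass an allow-list and time-bound check before an analyst sees them.

```python
"""Minimal retrieval-augmented KQL query builder (added illustration).

Everything here is constructed for the example: the corpus, the keyword
retriever and the templates stand in for the vector store and LLM that the
paper's plugin uses; none of it is the project's own code.
"""
import re

# Constructed knowledge base: one entry per table, with reviewed example
# queries that a RAG layer would retrieve to ground generation.
KNOWLEDGE_BASE = [
    {"table": "SigninLogs",
     "tags": {"signin", "login", "failed", "authentication", "user", "ip"},
     "template": "SigninLogs\n| where TimeGenerated > ago({span})\n"
                 "| where ResultType != 0\n"
                 "| summarize Failures=count() by UserPrincipalName, IPAddress\n"
                 "| where Failures > {threshold}"},
    {"table": "SecurityEvent",
     "tags": {"process", "creation", "4688", "command", "windows", "host"},
     "template": "SecurityEvent\n| where TimeGenerated > ago({span})\n"
                 "| where EventID == 4688\n"
                 "| project TimeGenerated, Computer, Account, CommandLine"},
    {"table": "DeviceNetworkEvents",
     "tags": {"network", "connection", "outbound", "remote", "port", "device"},
     "template": "DeviceNetworkEvents\n| where TimeGenerated > ago({span})\n"
                 "| where ActionType == 'ConnectionSuccess'\n"
                 "| summarize Connections=count() by DeviceName, RemoteIP, RemotePort"},
]
ALLOWED_TABLES = {doc["table"] for doc in KNOWLEDGE_BASE}


def tokenize(text):
    return set(re.findall(r"[a-z0-9]+", text.lower()))


def retrieve(request, k=1):
    """Rank knowledge-base entries by keyword overlap with the request
    (Jaccard over tokens stands in for embedding similarity)."""
    terms = tokenize(request)
    scored = [(len(terms & d["tags"]) / len(terms | d["tags"]), d) for d in KNOWLEDGE_BASE]
    scored.sort(key=lambda s: s[0], reverse=True)
    return [doc for score, doc in scored[:k] if score > 0]


def extract_span(request, default="1d"):
    """Turn 'last 24 hours' / 'last 2 days' into a KQL ago() argument."""
    m = re.search(r"last (\d+)\s*(hour|day|minute)s?", request.lower())
    if not m:
        return default
    return m.group(1) + {"hour": "h", "day": "d", "minute": "m"}[m.group(2)]


def extract_threshold(request, default=10):
    m = re.search(r"more than (\d+)", request.lower())
    return int(m.group(1)) if m else default


def validate_kql(query):
    """Guardrails applied before a generated query is offered to an analyst."""
    first = query.strip().splitlines()[0].strip()
    if first.startswith("."):
        return False, "management commands are not allowed"
    if first not in ALLOWED_TABLES:
        return False, f"table {first!r} is not in the allow-list"
    if "ago(" not in query:
        return False, "query has no time bound"
    return True, "ok"


def generate_kql(request):
    """From-scratch mode: retrieve grounding context, fill the template, validate.
    Returns (query or None, reason)."""
    hits = retrieve(request)
    if not hits:
        return None, "no grounding context retrieved; refusing to guess"
    query = hits[0]["template"].format(span=extract_span(request),
                                        threshold=extract_threshold(request))
    ok, reason = validate_kql(query)
    return (query if ok else None), reason


def refine_kql(query, request):
    """Refine mode: keep the analyst's query, add the time bound it lacks."""
    if "ago(" in query:
        return query
    lines = query.strip().splitlines()
    lines.insert(1, f"| where TimeGenerated > ago({extract_span(request)})")
    return "\n".join(lines)


if __name__ == "__main__":
    q, why = generate_kql("Show failed sign-in attempts per user over the last 24 hours with more than 5 failures")
    print(q or why)
    print(refine_kql("SecurityEvent\n| where EventID == 4688", "only the last 6 hours"))
```

The refusal path matters as much as the happy path: when nothing relevant is retrieved, the builder returns no query rather than guessing a table, which is the hallucination-reduction behaviour the abstract describes.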
If you use this code or our results in your research, please cite our paper:
@InProceedings{10.1007/978-981-95-1361-1_45,
author="Mahendran, Sharukesh
and Sundarakrishna, Sai
and Vignesh, V. S.
and Menon Perinchery, Pradeep",
editor="Choudrie, Jyoti
and Tuba, Eva
and Perumal, Thinagaran
and Joshi, Amit",
title="An Intelligent Plug-In Playable Orchestration Model that Combines Gen-AI Prompting, RAG and Agentic AI for Efficient Cybersecurity Operations",
booktitle="ICT for Intelligent Systems",
year="2026",
publisher="Springer Nature Singapore",
address="Singapore",
pages="577--592",
abstract="Artificial Intelligence (AI) Technologies such as Generative AI prompting, Retrieval Augmented Generation (RAG) and Agentic AI have started to emerge in cybersecurity operations and use-cases independently. We propose an intelligent orchestration mechanism that sifts the requirements of contextual injection, smart autonomy, integrated use case and intent capture. It is capable of reducing hallucinations and capable of enhancing semantic reasoning using prompting, RAG and Agentic AI, smartly, simultaneously and on demand. We propose such an integrated novel suite of framework tools unifying System Integration and Events Management (SIEM) and security Orchestration Automation and Response (SOAR). We develop, discuss and demonstrate the system as a plug and play with popular cybersecurity platforms. We provide 2 real world case studies to demonstrate the efficiency over the current state of the art performing SIEM and SOAR tools. The plug-in is scalable for the Model context protocol (MCP) and Agent to Agent (A2A) ecosystems.",
isbn="978-981-95-1361-1"
}
