Abstract: The increasing use of resource-constrained cyber-physical devices emphasizes the need for effective and flexible methods in the deployment of threat intelligence. The Open Cyber Intelligence Framework (OCIF), an architecture that applies Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) capabilities to resource-constrained environments, is presented in this study. The OCIF uses lightweight machine learning models in an adaptive way to process cyber threat intelligence (CTI) with greater precision and effectiveness. By using Wazuh to monitor the behavior of machines and OpenSearch for modeling the results of the analysis, the OCIF can reduce false positives by up to 6% in real-world implementations. The model ensures sufficient threat mitigation without taxing the system by striking a balance between anomaly detection, context, and decreased communication overhead. Because of its open-source propagation and modular form factor, OCIF promotes innovation and makes it possible for CTI to be built and used in restricted resources with optimal detection and operational efficiency.

Shunmugam U and Rajesh D. “Adaptive Open Cyber Intelligence for SOAR: Reduced False Positives in Low-Resource Environments”. International Journal of Advanced Computer Science and Applications (IJACSA) 16.11 (2025). http://dx.doi.org/10.14569/IJACSA.2025.01611105

@article{U2025,
title = {Adaptive Open Cyber Intelligence for SOAR: Reduced False Positives in Low-Resource Environments},
journal = {International Journal of Advanced Computer Science and Applications},
doi = {10.14569/IJACSA.2025.01611105},
url = {http://dx.doi.org/10.14569/IJACSA.2025.01611105},
year = {2025},
publisher = {The Science and Information Organization},
volume = {16},
number = {11},
author = {Shunmugam U and Rajesh D}
}