Large Language Model (LLM)–Driven Threat Correlation and Governance Automation for Security Operations in U.S. Enterprise Systems
Abstract
Security Operations Centers (SOCs) face growing pressure as cyber threats evolve and enterprise digital infrastructure becomes more complex. Conventional security tooling often cannot correlate large volumes of heterogeneous threat data efficiently, which delays incident response, inflates false-positive rates and wastes analyst effort. To address these problems, this paper proposes a Large Language Model (LLM)-Driven Threat Correlation and Governance Automation Framework for intelligent security operations. The framework combines Artificial Intelligence (AI), Natural Language Processing (NLP), Machine Learning (ML) and LLMs to automate threat analysis, incident correlation, governance compliance and security decision support. It uses the UNSW-NB15 intrusion detection dataset together with structured security logs and threat intelligence feeds to detect malicious activity and correlate events from multiple sources. The LLM components provide threat analysis, summarization and prioritization, and map observed attacks to frameworks such as MITRE ATT&CK and NIST guidelines. The framework also produces automated governance reports, validates compliance and generates explainable, AI-driven recommendations that support SOC analysts in real-time decision making. Experimental evaluation indicates that, compared with conventional SOC workflows, the system improves threat detection accuracy, reduces alert fatigue and incident response time, and makes governance automation more efficient.
The study underscores the potential of LLM-powered cybersecurity solutions to make enterprise security operations more scalable, intelligent and autonomous. The results contribute to the evolving field of AI-powered cyber defense by offering a practical and adaptable framework that strengthens threat intelligence correlation, operational resilience and cyber governance in a changing threat landscape.
Article information
Journal
Journal of Computer Science and Technology Studies
Volume (Issue)
7 (8)
Pages
1296-1315
Published
Copyright
Copyright (c) 2025 https://creativecommons.org/licenses/by/4.0/
Open access

This work is licensed under a Creative Commons Attribution 4.0 International License.
