Cybersecurity teams currently use tools that excel in analytical capabilities but offer only limited support for procedural documentation. This places unnecessarily high cognitive demands on analysts and makes the whole process time-consuming and error-prone. The project aims to provide a drill-down analysis support tool that combines visual querying methods, an analytical provenance concept, and a machine-readable data format for storing provenance metadata. The proposed approach will enable the authoring of reusable analytical process reports and their automatic execution, which will significantly streamline cybersecurity analysts' workflows. A recommendation system will also make it possible to propose further analytical steps.
01/2023-12/2025
FW06010009