CRAIMA, Aug 22, 2025

Towards Log Analysis with AI Agents: Cowrie Case Study

arXiv:2509.05306v1
h-index: 6
Originality: Incremental advance
AI Analysis

The paper addresses the challenge of processing real-world attack data for cybersecurity researchers and educators, though its contribution is incremental, as it is a preliminary step in a broader project.

The study tackled the problem of analyzing the overwhelming volumes of unstructured logs that Cowrie honeypots produce. It used AI agents for automated log analysis, which reduced manual effort and identified attack patterns.

The scarcity of real-world attack data significantly hinders progress in cybersecurity research and education. Although honeypots like Cowrie effectively collect live threat intelligence, they generate overwhelming volumes of unstructured and heterogeneous logs, rendering manual analysis impractical. As a first step in our project on secure and efficient AI automation, this study explores the use of AI agents for automated log analysis. We present a lightweight and automated approach to process Cowrie honeypot logs. Our approach leverages AI agents to intelligently parse, summarize, and extract insights from raw data, while also considering the security implications of deploying such an autonomous system. Preliminary results demonstrate the pipeline's effectiveness in reducing manual effort and identifying attack patterns, paving the way for more advanced autonomous cybersecurity analysis in future work.
