The convergence of IT and OT systems has heightened cybersecurity risks, especially in OT/ICS environments where attacks can impact critical infrastructure. This paper proposes “OTuHunt”, a conceptual framework to automate the extraction of Indicators of Compromise (IoCs) and Tactics, Techniques, and Procedures (TTPs) from local reports and unstructured Cyber Threat Intelligence (CTI) using Natural Language Processing (NLP), aligning with the Managed Security Service Provider (MSSP) model. Extracted TTPs are mapped to MITRE ATT&CK for ICS and transformed into Security Information and Event Management (SIEM)-compatible queries. While still in the proposal stage, “OTuHunt” aims to provide an end-to-end automated threat hunting pipeline tailored to OT/ICS, addressing gaps in current solutions and enhancing early Advanced Persistent Threat (APT) detection in support of secure digital transformation.