In this video, we explore how AI enhances threat hunting by integrating Large Language Models (LLMs) with the Garuda Threat Hunting Framework. Garuda is a manual, PowerShell-based threat hunting and investigation framework designed to transform raw Sysmon telemetry into structured, actionable intelligence for Windows environments. It allows you to correlate, filter, and analyze Sysmon events more efficiently. The video demonstrates how Garuda, when combined with the reasoning and automation capabilities of LLMs, enables AI-powered autonomous threat hunting: analysts can automatically detect anomalies, correlate TTPs, and uncover adversary activity.
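The core of the workflow described above is turning raw Sysmon events into structured objects that can be correlated and then handed to an LLM. The following PowerShell is an added illustration of that idea and is not Garuda's own code: it flattens Sysmon ProcessCreate (Event ID 1) XML, rebuilds parent/child process chains on ProcessGuid/ParentProcessGuid, flags one classic TTP (an Office application whose descendants include a command interpreter), and emits the findings as JSON inside a prompt. The sample events, GUIDs, host name, user and command lines are constructed so the script runs offline; the `Get-SysmonProcessEvents` helper shows how the same parser is fed from the live Sysmon log on a Windows host.

```powershell
# Added example (not Garuda's code): Sysmon Event ID 1 XML -> flat objects -> process chains -> JSON for an LLM.
# Sample events below are constructed; Get-SysmonProcessEvents pulls real ones on a host running Sysmon.

function ConvertFrom-SysmonEventXml {
    # Flatten one Sysmon event (shape of EventLogRecord.ToXml()) into a simple object.
    param([Parameter(Mandatory)][string]$Xml)
    $doc  = [xml]$Xml
    $data = @{}
    foreach ($d in $doc.Event.EventData.Data) { $data[$d.GetAttribute('Name')] = $d.InnerText }
    $eid = $doc.Event.System.EventID
    if ($eid -is [System.Xml.XmlElement]) { $eid = $eid.InnerText }   # EventID may carry a Qualifiers attribute
    [pscustomobject]@{
        EventId     = [int]$eid
        Time        = ([datetime]$doc.Event.System.TimeCreated.SystemTime).ToUniversalTime().ToString('o')
        ProcessGuid = $data['ProcessGuid'];      Image       = $data['Image']
        CommandLine = $data['CommandLine'];      User        = $data['User']
        ParentGuid  = $data['ParentProcessGuid']; ParentImage = $data['ParentImage']
    }
}

function Get-SysmonProcessEvents {
    # Live collection on a Windows host with Sysmon installed (needs read access to the operational log).
    param([int]$MaxEvents = 500)
    Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-Sysmon/Operational'; Id = 1 } -MaxEvents $MaxEvents |
        ForEach-Object { ConvertFrom-SysmonEventXml $_.ToXml() }
}

$OfficeApps   = 'WINWORD.EXE', 'EXCEL.EXE', 'POWERPNT.EXE', 'OUTLOOK.EXE'        # hypothetical hunt rule
$Interpreters = 'cmd.exe', 'powershell.exe', 'wscript.exe', 'cscript.exe', 'mshta.exe'

function Get-ProcessChains {
    # Correlate on ProcessGuid/ParentProcessGuid and annotate each process with a finding (or $null).
    param([Parameter(Mandatory)][object[]]$Events)
    $byGuid = @{}
    foreach ($e in $Events) { if ($e.EventId -eq 1) { $byGuid[$e.ProcessGuid] = $e } }
    foreach ($e in $byGuid.Values) {
        $chain = [System.Collections.Generic.List[string]]::new()
        $cur = $e; $seen = @{}
        while ($cur -and -not $seen.ContainsKey($cur.ProcessGuid)) {   # $seen guards against GUID cycles
            $seen[$cur.ProcessGuid] = $true
            $chain.Insert(0, ($cur.Image -replace '^.*\\'))
            if (-not $byGuid.ContainsKey($cur.ParentGuid)) {
                $chain.Insert(0, ($cur.ParentImage -replace '^.*\\'))   # parent predates our window; keep its name
            }
            $cur = $byGuid[$cur.ParentGuid]
        }
        $arr = $chain.ToArray()
        $ancestors = if ($arr.Count -ge 2) { $arr[0..($arr.Count - 2)] } else { @() }
        $finding = $null
        if ($arr[-1] -in $Interpreters -and ($ancestors | Where-Object { $_ -in $OfficeApps })) {
            $finding = 'Office application ancestry leads to a command interpreter (ATT&CK T1059 candidate)'
        }
        [pscustomobject]@{ Time = $e.Time; User = $e.User; ProcessGuid = $e.ProcessGuid
                           Chain = ($arr -join ' -> '); CommandLine = $e.CommandLine; Finding = $finding }
    }
}

function New-SampleEvent {
    # Constructed Sysmon Event ID 1 XML in the shape EventLogRecord.ToXml() produces.
    param($Time, $Guid, $Image, $CommandLine, $User, $ParentGuid, $ParentImage)
    @"
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>1</EventID><TimeCreated SystemTime="$Time"/><Computer>WS01</Computer></System>
  <EventData>
    <Data Name="ProcessGuid">$Guid</Data><Data Name="Image">$Image</Data>
    <Data Name="CommandLine">$CommandLine</Data><Data Name="User">$User</Data>
    <Data Name="ParentProcessGuid">$ParentGuid</Data><Data Name="ParentImage">$ParentImage</Data>
  </EventData>
</Event>
"@
}

# Constructed sample: explorer -> WINWORD -> cmd -> powershell (suspicious) and explorer -> notepad (benign).
$word = 'C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE'
$g0 = '{00000000-0000-0000-0000-000000000000}'; $g1 = '{11111111-0001-0000-0000-000000000001}'
$g2 = '{11111111-0002-0000-0000-000000000002}'; $g3 = '{11111111-0003-0000-0000-000000000003}'
$samples = @(
    (New-SampleEvent '2024-05-06T09:15:01Z' $g1 $word "$word /n C:\Users\alice\Downloads\invoice.docm" 'CORP\alice' $g0 'C:\Windows\explorer.exe'),
    (New-SampleEvent '2024-05-06T09:15:09Z' $g2 'C:\Windows\System32\cmd.exe' 'cmd.exe /c powershell -NoProfile -WindowStyle Hidden -File C:\Users\alice\AppData\Local\Temp\upd.ps1' 'CORP\alice' $g1 $word),
    (New-SampleEvent '2024-05-06T09:15:10Z' $g3 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' 'powershell -NoProfile -WindowStyle Hidden -File C:\Users\alice\AppData\Local\Temp\upd.ps1' 'CORP\alice' $g2 'C:\Windows\System32\cmd.exe'),
    (New-SampleEvent '2024-05-06T09:16:00Z' '{11111111-0004-0000-0000-000000000004}' 'C:\Windows\System32\notepad.exe' 'notepad.exe C:\Users\alice\notes.txt' 'CORP\alice' $g0 'C:\Windows\explorer.exe')
)

$events   = $samples | ForEach-Object { ConvertFrom-SysmonEventXml $_ }
$findings = Get-ProcessChains -Events $events | Where-Object Finding | Sort-Object Time

# The LLM receives structured chains, not raw XML; keep the prompt narrow and task-specific.
$prompt = "You are a threat hunting assistant. Review these Sysmon process chains from host WS01 and explain " +
          "which indicate adversary activity and which ATT&CK techniques they map to.`n" +
          ($findings | ConvertTo-Json -Depth 3)
$prompt
```

Run on the constructed sample, the two interpreter processes under WINWORD.EXE are reported with their full chain (explorer.exe -> WINWORD.EXE -> cmd.exe -> powershell.exe) and the notepad.exe chain is left out. On a real host, replace the `$events` line with `$events = Get-SysmonProcessEvents` and widen `$OfficeApps` and `$Interpreters` to match your own hunt hypothesis; the correlation logic does not depend on the rule.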
To get an idea of how to use the Garuda Framework for manual threat hunting, watch this video: