March 2026 - Present
Internship Researcher
BMB · Beirut, Lebanon (On-site)
Master Thesis Project — autonomous SOC alert triage powered by an LLM agent on top of a Wazuh SIEM stack.
- Deployed a Wazuh SIEM stack (manager, indexer, dashboard, and agents) with custom decoders and correlation rules covering Windows Security, Sysmon, Linux auth, Active Directory, and Palo Alto NGFW logs.
- Developed an autonomous alert triage agent in Python using the Groq LLM API (llama-3.3-70b) with a ReAct tool-calling loop, reducing analyst alert fatigue by automating enrichment, correlation, and triage of Wazuh alerts.
- Designed and implemented a PostgreSQL-backed mock enterprise enrichment layer (Active Directory, CMDB, EDR, threat intelligence, vulnerability scanner) exposed through a Node.js/Express API consumed by the triage agent.
- Analyzed the target enterprise environment — network topology, asset inventory, and existing security posture — to identify monitoring gaps motivating the SIEM deployment.
