Open Access

From Reactive to Predictive: A Framework for Integrating Threat Intelligence with SIEM for Proactive Threat Hunting

Centre for Cybersecurity Research, King's College London, London, United Kingdom

Abstract

Purpose: Traditional Security Information and Event Management (SIEM) systems, while foundational to security operations, primarily function in a reactive capacity, generating high volumes of alerts with limited contextual data. This reactive posture is often insufficient against sophisticated, persistent cyber threats. This paper addresses this critical gap by proposing a novel framework for augmenting SIEM with Cyber Threat Intelligence (CTI) to enable a predictive and proactive cyber defense strategy centered on threat hunting.

Methodology: This research synthesizes existing literature on SIEM, CTI, and threat hunting to develop the Intelligence-Augmented SIEM (IA-SIEM) framework. The proposed methodology is conceptual, centered on a dynamic Threat Knowledge Graph that is continuously enriched by external intelligence and internal logs. This enriched data fuels a two-phase process: (1) Predictive Threat Modeling, which uses the graph to generate and prioritize hunting hypotheses; and (2) Guided Threat Hunting, which provides analysts with a structured workflow to investigate these hypotheses and feeds findings back into the system. The framework’s efficacy is conceptualized through a case study simulating an Advanced Persistent Threat (APT).
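To make the two-phase loop described above concrete, here is an added Python sketch of the IA-SIEM cycle; it is illustration written for this page, not code from the paper or any prototype it describes. It assumes a simple key=value log format, constructed CTI records (the ATT&CK technique ids are real, the actor names and indicators are invented), and a deliberately small scoring rule: each (host, actor, technique) hypothesis is scored by matched indicator confidence times an actor weight, analyst confirmation raises the actor weight, and a false lead halves the confidence of the indicators behind it.

```python
"""Toy Intelligence-Augmented SIEM loop: a threat knowledge graph enriched by CTI
and SIEM logs, hypothesis generation/prioritisation, and analyst feedback.
All records below are constructed sample data, not real intelligence."""
from collections import defaultdict

# Constructed CTI records. The ATT&CK technique ids are real; actors and IoCs are made up.
CTI_FEED = [
    {"actor": "APT-SAMPLE", "technique": "T1071", "ioc": "update-cdn.example", "confidence": 0.8},
    {"actor": "APT-SAMPLE", "technique": "T1078", "ioc": "svc_backup", "confidence": 0.5},
    {"actor": "CRIME-SAMPLE", "technique": "T1071", "ioc": "203.0.113.9", "confidence": 0.6},
]

# Constructed SIEM events in a flat key=value form (a normalised proxy/auth feed).
LOG_LINES = [
    "ts=1 host=ws-17 src_user=alice dest_domain=update-cdn.example dest_ip=198.51.100.4",
    "ts=2 host=ws-17 src_user=svc_backup dest_domain=intranet.local dest_ip=10.0.0.5",
    "ts=3 host=srv-02 src_user=bob dest_domain=update-cdn.example dest_ip=198.51.100.4",
    "ts=4 host=srv-02 src_user=bob dest_domain=mail.local dest_ip=203.0.113.9",
]


class ThreatKnowledgeGraph:
    """Undirected graph over typed nodes: ("actor", x), ("technique", x), ("ioc", x), ("host", x)."""

    def __init__(self):
        self.edges = defaultdict(set)
        self.ioc_conf = {}                             # ("ioc", value) -> confidence in [0, 1]
        self.actor_weight = defaultdict(lambda: 1.0)   # raised when a hunt confirms an actor

    def link(self, a, b):
        self.edges[a].add(b)
        self.edges[b].add(a)

    def neighbors(self, node, ntype):
        return [n for n in self.edges[node] if n[0] == ntype]

    # enrichment from external intelligence
    def ingest_cti(self, feed):
        for r in feed:
            actor, tech, ioc = ("actor", r["actor"]), ("technique", r["technique"]), ("ioc", r["ioc"])
            self.link(actor, tech)
            self.link(ioc, actor)
            self.link(ioc, tech)
            self.ioc_conf[ioc] = max(self.ioc_conf.get(ioc, 0.0), r["confidence"])

    # enrichment from internal logs: only intelligence-known values become edges
    def ingest_logs(self, lines):
        for line in lines:
            fields = dict(kv.split("=", 1) for kv in line.split())
            host = ("host", fields["host"])
            for key in ("src_user", "dest_domain", "dest_ip"):
                ioc = ("ioc", fields[key])
                if ioc in self.ioc_conf:
                    self.link(host, ioc)

    # phase 1: predictive threat modelling
    def hypotheses(self):
        """One hypothesis per (host, actor, technique) reachable through matched IoCs,
        scored by IoC confidence times actor weight, highest priority first."""
        scores = defaultdict(float)
        for host in [n for n in self.edges if n[0] == "host"]:
            for ioc in self.neighbors(host, "ioc"):
                for actor in self.neighbors(ioc, "actor"):
                    for tech in self.neighbors(ioc, "technique"):
                        if actor in self.edges[tech]:   # keep only attributions the CTI actually made
                            scores[(host[1], actor[1], tech[1])] += (
                                self.ioc_conf[ioc] * self.actor_weight[actor[1]])
        hyps = [{"host": h, "actor": a, "technique": t, "priority": round(s, 3)}
                for (h, a, t), s in scores.items()]
        return sorted(hyps, key=lambda x: (-x["priority"], x["host"], x["actor"], x["technique"]))

    # phase 2: guided hunting feeds results back into the graph
    def feedback(self, hyp, confirmed):
        host, actor, tech = ("host", hyp["host"]), ("actor", hyp["actor"]), ("technique", hyp["technique"])
        if confirmed:
            self.actor_weight[hyp["actor"]] *= 1.5            # this actor is active in our estate
            self.link(host, ("confirmed", hyp["technique"]))
        else:
            for ioc in self.neighbors(host, "ioc"):           # IoCs behind a false lead lose credibility
                if actor in self.edges[ioc] and tech in self.edges[ioc]:
                    self.ioc_conf[ioc] *= 0.5


def run_demo():
    """Build the graph, take the initial hunt queue, apply two analyst verdicts, re-queue."""
    g = ThreatKnowledgeGraph()
    g.ingest_cti(CTI_FEED)
    g.ingest_logs(LOG_LINES)
    before = g.hypotheses()
    g.feedback({"host": "ws-17", "actor": "APT-SAMPLE", "technique": "T1071"}, confirmed=True)
    g.feedback({"host": "srv-02", "actor": "CRIME-SAMPLE", "technique": "T1071"}, confirmed=False)
    return before, g.hypotheses()


if __name__ == "__main__":
    before, after = run_demo()
    for label, hyps in (("initial hunt queue", before), ("after analyst feedback", after)):
        print(label)
        for h in hyps:
            print(f"  {h['priority']:.2f}  {h['host']:7} {h['actor']:13} {h['technique']}")
```

The point of the demo is the re-ordering: before feedback the CRIME-SAMPLE lead on srv-02 outranks the valid-accounts (T1078) lead on ws-17, but once an analyst confirms APT-SAMPLE on ws-17 and rejects the CRIME-SAMPLE lead, the next hunt queue puts the T1078 hypothesis ahead. That is the "findings feed back into the system" step from the methodology, reduced to two weights a real implementation would replace with richer scoring.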

Findings: Application of the IA-SIEM framework is projected to yield significant improvements over traditional security models. Key results include a marked reduction in Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR), a substantial decrease in alert fatigue and false positives, and an enhanced capability to proactively identify and neutralize previously undetectable, low-and-slow attack behaviors. The framework facilitates a shift from indicator-based alerting to intelligence-driven, hypothesis-led investigations.

Conclusion: The IA-SIEM framework offers a structured, actionable pathway for organizations to evolve their cyber defense capabilities from a reactive to a predictive posture. By systematically integrating threat intelligence at the core of the detection and response process, security teams can transition to proactive threat hunting, enabling them to anticipate and neutralize threats before significant impact occurs.
