
OmniSec: Closing the Knowledge Gap in Intrusion Detection
Leveraging LLMs to Automate Provenance-based Security Analysis
OmniSec is a framework that integrates diverse security knowledge sources, using large language models (LLMs) as the integration layer, to automate provenance-based intrusion detection end to end.
- Addresses the "knowledge silos problem" that has limited previous provenance-based intrusion detection systems
- Systematically categorizes and utilizes different types of security knowledge to reduce manual intervention
- Employs LLMs as the mechanism for combining these knowledge sources, so that detection draws on all of them rather than on any single one
- Enables "last mile delivery" for automated endpoint threat analysis without human expertise requirements
For enterprise security teams, the approach aims to automate threat detection while preserving detection accuracy and reducing analyst workload.