SentinelOne Labs

From Narrative to Knowledge Graph | LLM-Driven Information Extraction in Cyber Threat Intelligence

Aleksandar Milenkoski & Razvan Gabriel Cirstea · 2026-03-09 · Read original ↗

ATT&CK techniques detected

1 predictions

T1583.001Domains

38%

“) and contextual details is slow, inconsistent, and difficult to scale. llms have the potential to automate this task by interpreting narratives, extracting explicit data, and inferring implicit relationships, transforming text into structured, machine ‑ readable data that suppor…”

Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.

No matches for .

Loading techniques…

Summary

LLMs can turn CTI narratives into structured intelligence at scale, but speed-accuracy trade-offs demand careful design for operational defense workflows.