Automated extraction and synthesis of MITRE ATT&CK techniques from multiple heterogeneous Cyber Threat Intelligence (CTI) reports to reconstruct full attack campaigns.
Defensibility
citations: 0
co_authors: 5
This project is a very early-stage research artifact (9 days old, 0 stars) accompanying an academic paper. While the focus on 'multi-report' campaign analysis is a logical evolution from single-report extraction, the defensibility is currently non-existent. The core value lies in the methodology and evaluation metrics rather than a robust software moat. Large cybersecurity platforms (Microsoft Sentinel, Google/Mandiant, CrowdStrike) are the natural owners of this capability, as they already ingest these reports and are rapidly integrating LLM-based summarization. Furthermore, the increasing context windows of frontier models (e.g., Gemini 1.5 Pro's 2M tokens) significantly lower the barrier to 'multi-report' analysis, as users can now simply ingest dozens of reports into a single prompt, potentially bypassing the need for specialized multi-report extraction algorithms.
TECH STACK
INTEGRATION: algorithm_implementable
READINESS