The cybersecurity landscape has drastically changed since StackStorm, an event-driven automation platform, was founded. Initially, the focus was on managing existing alerts with context and predefined playbooks. However, traditional signature-based systems now struggle to keep pace with evolving threats, as most attacks bypass them. Living-off-the-Land tactics and AI-powered malware are increasing, making traditional methods less effective. AI-enabled attacks are the top concern for cybersecurity buyers, despite the rise of AI-powered SOCs, which are still largely reactive. Machine Learning solutions often require extensive retraining and produce many false positives. Modern security needs to focus on achieving actual safety through improved threat detection. A Log Language Model (LogLM) can detect anomalies from various attacks with high accuracy and minimal fine-tuning. Active learning further refines the LogLM, adapting to data changes and improving detection rates. The author seeks feedback on the need for better, adaptable indicators with low false positives to address modern cyber threats.
securityboulevard.com
