security administrator
The Role of Artificial Intelligence in Cyber Security
Current technologies put an organization's cybersecurity at risk. Even with new advancements in defence strategies, security professionals fail at some point. Combining the strength of AI with the skills of security professionals, from vulnerability checks to defence, becomes very effective. Organizations get instant insights and, in turn, reduced response times. Artificial intelligence for cyber security is the new wave in security.
Relationships Are the Key to a Successful Security Analytics Tool
The nature, scale, and diversity of the cybersecurity threats that the modern organization faces mean that leveraging the power of automated security tools is a necessity. Large enterprises can generate billions of distinct system logs and events each day. Manually poring through such information is impossible. Security software and automated tools make the process of sifting through such security data quick and efficient. Among the different categories of cybersecurity tools an organization could use to enforce its security policies, security analytics software is among the most critical.
A Recursive PLS (Partial Least Squares) based Approach for Enterprise Threat Management
Most of the existing solutions to enterprise threat management are preventive approaches prescribing means to prevent policy violations with varying degrees of success. In this paper we consider the complementary scenario where a number of security violations have already occurred, or security threats or vulnerabilities have been reported, and a security administrator needs to generate an optimal response to these security events. We present a principled approach to study and model the human expertise in responding to the emergent threats owing to these security events. A recursive Partial Least Squares based adaptive learning model is defined using a factorial analysis of the security events together with a method for estimating the effect of global context-dependent semantic information used by the security administrators. The presented model is theoretically optimal and operationally recursive in nature to deal with the set of security events being generated continuously. We discuss the underlying challenges and ways in which the model could be operationalized in centralized versus decentralized, and real-time versus batch processing modes.