Summarize findings and investigations with the AI Assistant

How to use the AI Assistant to summarize findings during triage or investigation

Note: The AI Assistant for Splunk Enterprise Security is not available by default. An administrator must reach out to their account team to get started.
Use the AI Assistant to help triage findings and investigations efficiently and reduce the time to escalate critical issues. You can ask the assistant for a plain-language explanation of a finding or investigation to share with stakeholders.
  1. In Splunk Enterprise Security, select Mission Control.
  2. Select a finding or investigation from the analyst queue.
  3. For investigations, select View details to open the investigation Overview page.
  4. Select the AI Assistant icon to open the chat box and get started.
  5. Splunk Enterprise Security provides a few default requests to ask the AI Assistant. Select Summarize the findings.
    Note: If the AI Assistant is generating a response that is too long, you can select the stop icon to stop the AI Assistant.
  6. (Optional) As you chat with the AI Assistant, use the recommendation buttons below the chat to learn more about the finding or investigation. For example:
The AI Assistant returns a structured summary, narrative of events, a MITRE ATT&CK analysis, and suggested next steps. To see an example scenario using the AI Assistant, see Scenario: Jordan uses the AI Assistant to summarize an investigation and generate SPL.