Summarize findings with the AI Assistant

How to use the AI Assistant to summarize findings during triage or investigation

Note: The AI Assistant for Splunk Enterprise Security is not available by default. An administrator must reach out to their account team to get started.
Use the AI Assistant to help triage findings efficiently and reduce the time to escalate critical issues. You can ask the assistant for plain-language explanations of findings to share with stakeholders and request SPL searches to investigate further.
  1. In Splunk Enterprise Security, select Mission Control.
  2. Select an investigation from the analyst queue.
  3. Select View details to open the investigation Overview page.
  4. Select the AI Assistant icon to open the chat box and get started.
  5. Splunk Enterprise Security provides a few default requests to ask the AI Assistant. Select Summarize the findings.
    Note: If the AI Assistant is generating a response that is too long, you can select the stop icon to stop the AI Assistant.
  6. (Optional) Generate an investigation report of the findings and save it as a PDF, add it as a note, or attach it as a file. See Generate an investigation report with the AI Assistant.
The AI Assistant returns a structured summary, narrative of events, and MITRE ATT&CK analysis. To see an example scenario using the AI Assistant, see Scenario: Jordan uses the AI Assistant to summarize an investigation and generate SPL.