Scenario: Jordan uses the AI Assistant to summarize an investigation and generate SPL

AI Assistant scenario

Jordan is a Tier 1 SOC analyst at Buttercup Games. With limited time and a growing backlog in the Splunk Enterprise Security analyst queue, Jordan uses the AI Assistant to triage investigations efficiently and shorten the time it takes to escalate critical issues, relying on AI-driven guidance and tools such as Search Processing Language (SPL) generation.

This scenario shows how Jordan uses the AI Assistant to summarize a complex investigation, understand the threat, perform deeper searches, and add the summary as a note.

  1. In Splunk Enterprise Security, Jordan selects an investigation from the analyst queue on the Mission Control page.
  2. They select View details to open the Overview page of the investigation.
  3. They select the AI Assistant icon and then select Summarize the findings.
  4. The AI Assistant returns a structured summary, a narrative of events, a MITRE ATT&CK analysis, and a suggested follow-up with next steps.
  5. Jordan asks the AI Assistant to generate a follow-up SPL search to investigate further.
  6. Jordan runs the search and validates suspicious behavior.
  7. Jordan asks the AI Assistant to generate a report and attach it as a note to the investigation.
  8. Jordan escalates the investigation and moves on to the next task.
After using the AI Assistant, Jordan successfully did the following:
  • Generated an SPL search to investigate further
  • Generated an investigation report and added it as a note
  • Escalated a critical investigation with confidence
  • Asked for plain-language explanations to share with stakeholders or Tier 2 analysts

The AI Assistant helps Jordan improve operational efficiency by accelerating triage workflows, reduces mean time to respond (MTTR) by cutting through noise and surfacing what matters, and equips all analysts with expert-level tools by providing MITRE ATT&CK context and auto-generated SPL searches.

With the AI Assistant, Tier 1 analysts like Jordan work faster, make smarter decisions, and contribute to the SOC with confidence.