BSidesAugusta 2023

Jake Coyne

Jake Coyne is a cybersecurity professional specializing in offensive security operations. He currently holds the position of Senior Offensive Operator at SIXGEN. Before joining SIXGEN, Jake was part of the U.S. Army Cyber Command and U.S. Cyber Command, where he contributed to cyber operations.

Jake earned a Master's degree in Cyber Security from Georgia Institute of Technology and a Bachelor's degree in Industrial Technology from Illinois State University. He holds several certifications in the field of cybersecurity, including Offensive Security Certified Professional (OSCP), Global Industrial Cyber Security Professional (GICSP), GIAC Response and Industrial Defense (GRID), and Certified Information Systems Security Professional (CISSP).


Preferred Social Media

Twitter

Social Media User/Handle

@aggr0cr4g


Session

10-07
15:45
60min
SplunkGPT
Jake Coyne, Andrew Gomez

In the evolving landscape of cybersecurity, professionals are often inundated with vast amounts of data. Splunk has been a game-changer in analyzing and visualizing this data. However, crafting precise queries in Splunk's Search Processing Language (SPL) requires expertise and can be time-consuming. SplunkGPT is the start of a solution: it harnesses GPT-3 to translate natural-language questions into SPL, making data retrieval more intuitive and efficient.

In this talk, we will journey through the development of SplunkGPT. We will start by exploring the capabilities of OpenAI's GPT-3 in processing natural language queries. Through live demonstrations, we will observe how GPT-3, in its vanilla form, can handle basic queries but falls short when faced with complex, domain-specific questions.

Recognizing these limitations, we will delve into fine-tuning GPT-3. We will walk through the process of collecting domain-specific training data, creating prompt templates, and refining GPT-3 to understand the intricacies of SPL and cybersecurity data. The audience will gain insights into the challenges and best practices of fine-tuning a language model for a specialized task.

Next, we will unveil the architecture of the semantic parser that wraps the fine-tuned GPT-3 model. We will discuss how this parser converts natural-language queries into SPL and how it is integrated with a Splunk instance so that the generated query runs directly against indexed data.
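The two pieces of the pipeline described above (shaping training pairs for fine-tuning, then running model output against Splunk) are where a practitioner needs a guard: the fine-tuned model is untrusted input, and SPL has commands with side effects. The following is an added example, not code from the talk or from SIXGEN; it assumes the prompt/completion JSONL convention from OpenAI's fine-tuning guide for GPT-3 base models, and the training pairs, denylist, and `fake_model` stand-in are all constructed for illustration.

```python
"""Added example: fine-tuning records plus a safety guard for generated SPL."""
import json
import re

PROMPT_SEPARATOR = "\n\n###\n\n"   # fixed marker ending every prompt (OpenAI fine-tuning convention)
COMPLETION_STOP = " END"          # fixed stop sequence ending every completion

# Constructed training pairs (hypothetical); a usable set needs hundreds of them.
SAMPLE_PAIRS = [
    ("show failed windows logons in the last hour",
     "index=wineventlog EventCode=4625 earliest=-1h | stats count by user, src_ip"),
    ("which hosts talked to 10.0.0.5 yesterday",
     "index=firewall dest_ip=10.0.0.5 earliest=-1d@d latest=@d | stats count by src_ip"),
]


def build_finetune_record(question: str, spl: str) -> str:
    """One JSONL line: prompt ends with the separator, completion starts with a
    space and ends with the stop token, so the model learns where SPL begins and ends."""
    return json.dumps({
        "prompt": question.strip() + PROMPT_SEPARATOR,
        "completion": " " + spl.strip() + COMPLETION_STOP,
    })


def write_finetune_file(pairs, path: str) -> None:
    """Write the pairs as a JSONL file ready for a fine-tuning job."""
    with open(path, "w", encoding="utf-8") as fh:
        for question, spl in pairs:
            fh.write(build_finetune_record(question, spl) + "\n")


def extract_spl(model_text: str) -> str:
    """Cut raw model output at the learned stop token and trim whitespace."""
    return model_text.split(COMPLETION_STOP, 1)[0].strip()


# Commands that write or delete data, send data out, or execute code.
# Hypothetical denylist: extend it for your deployment and pair it with a
# read-only search role (no can_delete, no outputlookup to shared lookups).
SIDE_EFFECT_COMMANDS = frozenset({
    "delete", "outputlookup", "outputcsv", "collect",
    "sendemail", "sendalert", "script", "runshellscript",
})

# First word at the start of the search, after each "|", or after "[" (subsearch).
_COMMAND_RE = re.compile(r"(?:^|\||\[)\s*([A-Za-z_]+)")


class UnsafeSPL(ValueError):
    """Raised when generated SPL fails the guard."""


def validate_spl(spl: str) -> str:
    """Return the SPL unchanged if it passes the guard, else raise UnsafeSPL.

    A question like "wipe yesterday's events" can legitimately be answered with
    "| delete", which Splunk will run if the search account is allowed to."""
    if not spl.strip():
        raise UnsafeSPL("empty query")
    commands = {name.lower() for name in _COMMAND_RE.findall(spl)}  # SPL commands are case-insensitive
    blocked = commands & SIDE_EFFECT_COMMANDS
    if blocked:
        raise UnsafeSPL(f"side-effect command(s) not allowed: {sorted(blocked)}")
    # Require an explicit time bound so a vague question cannot become an all-time scan.
    if not re.search(r"\bearliest\s*=", spl, re.IGNORECASE):
        raise UnsafeSPL("query lacks an earliest= time bound")
    return spl


def is_safe_spl(spl: str) -> bool:
    """Boolean form of validate_spl for callers that only need a verdict."""
    try:
        validate_spl(spl)
        return True
    except UnsafeSPL:
        return False


def natural_language_to_spl(question: str, model) -> str:
    """Full path: format the prompt, call the model, cut at the stop token, run the guard.

    `model` is any callable taking the prompt and returning text (an OpenAI
    completion call with stop=[COMPLETION_STOP] would go here). The result is
    what you pass as the `search` parameter of Splunk's POST /services/search/jobs,
    ideally with earliest_time/latest_time set on the job as well."""
    raw = model(question.strip() + PROMPT_SEPARATOR)
    return validate_spl(extract_spl(raw))


if __name__ == "__main__":
    def fake_model(prompt: str) -> str:
        # Constructed stand-in: looks the question up, otherwise emits something hostile.
        asked = prompt[: -len(PROMPT_SEPARATOR)]
        for question, spl in SAMPLE_PAIRS:
            if question == asked:
                return " " + spl + COMPLETION_STOP
        return " index=main | delete" + COMPLETION_STOP

    print(natural_language_to_spl("show failed windows logons in the last hour", fake_model))
    try:
        natural_language_to_spl("wipe it all", fake_model)
    except UnsafeSPL as err:
        print("blocked:", err)
```

The denylist is deliberately a command-level check rather than a full SPL parser: it also catches commands hidden inside `map` search strings or subsearch brackets because the regex keys on `|` and `[` wherever they appear. The time-bound requirement exists because a fine-tuned model answering "what happened with this host" will happily omit `earliest=` and scan every bucket you have.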

Finally, we will explore the broader applications and implications of this technology in the cybersecurity domain, followed by an interactive Q&A session.

Track 4