Andrew Gomez
Andrew is a member of SixGen, where he works as an Offensive Cyber Operator who specializes in network and web application pentesting. Before joining SixGen, Andrew was part of the U.S. Army Cyber Command, where he contributed to the success of defensive cyber operations.
Andrew holds a Master of Science in Cybersecurity from Georgia Institute of Technology and a Bachelor of Science in Computer Science from the University of North Georgia. Andrew has also obtained multiple certifications, including OSEP, OSCP, CRTL, CRTO, and CISSP.
@gomez742
Session
In the evolving landscape of cybersecurity, professionals are often inundated with vast amounts of data. Splunk has been a game-changer in analyzing and visualizing this data. However, crafting precise queries in Splunk’s Search Processing Language (SPL) requires expertise and can be time-consuming. Enter SplunkGPT – the start of a solution that harnesses the power of GPT-3 to transform natural language queries into SPL, making data retrieval more intuitive and efficient.
In this talk, we will journey through the development of SplunkGPT. We will start by exploring the capabilities of OpenAI's GPT-3 in processing natural language queries. Through live demonstrations, we will observe how GPT-3, in its vanilla form, can handle basic queries but falls short when faced with complex, domain-specific questions.
Recognizing these limitations, we will delve into the world of fine-tuning GPT-3. We will unravel the process of collecting domain-specific training data, creating templates, and refining GPT-3 to understand the intricacies of SPL and cybersecurity data. The audience will gain insights into the challenges and best practices of fine-tuning a language model for specialized tasks.
Next, we will unveil the architecture of the semantic parser that integrates the fine-tuned GPT-3 model. We will discuss how this parser converts natural language queries into SPL queries, and how it is seamlessly integrated with the Splunk database.
Finally, we will explore the broader applications and implications of this technology in the cybersecurity domain, followed by an interactive Q&A session.