Posts

Showing posts from July, 2023

Integrate ChatGPT and Splunk in Sysmon Log Analysis

Image
Integrate ChatGPT and Splunk in Sysmon Log Analysis Integrate ChatGPT and Splunk in Sysmon Log Analysis In this project, we attempt to use two add-ons of Splunk: “ OB OpenAI ChatGPT ” and “ Sysmon Splunk Add-on for Microsoft Windows ” to integrate Splunk and ChatGPT for analyzing Sysmon events, exploring the applications of artificial intelligence in incident response. Tools Tool version Sysmon v15.0 Splunk Enterprise Server 9.1.0.1 ChatGPT ChatGPT-4 API OB OpenAI ChatGPT 1.0.2 Splunk Add-on for Microsoft Windows 8.7.0 Process Install Splunk This project uses a trial version of Splunk Enterprise, which can be registered and downloaded from the official Splunk website. https://www.splunk.com/en_us/download.html?301=/en_us/download/get-started-with-your-free-trial.html Install Sysmon Sysmon can be downloaded from Microsoft Sysinternal official website. https://learn.microsoft.com/en-us/sysinternals/downloads/sysmon After downl