Skip Navigation

Some interesting uses of AI (which don't currently work)...

isc.sans.edu /diary/Are+Local+LLMs+Useful+in+Incident+Response/30274
Embed prevented alt text

One of the more interesting uses of AI is to power natural language interfaces.

Basically this means plumbing them in to reporting layers so that the AI can figure out what it is you're asking and create appropriate queries for data stores, execute them, and then present (and possibly interpret) the results.

Imagine an ELK stack that you're shipping all your logs into. As well as getting some pretty graphs for management to coo at you could also just ask an AI interface connect to it: "Tell me who authenticated with $platform last Friday, in a table ordered by the number of authentication attempts" and it would just return that.

Kinda tempting, huh?

Well this link is to a SANS Internet Storm Centre Diary where they look at doing that from an Incident Response point of view.

The short version - your job is safe. For now.

But I think it's a good read simply because it gives us ideas about how we could use AI, and a pointer at what's likely to work. The fact that multiple models were tested is particularly interesting...

What do you think?

1

You're viewing a single thread.