NATURAL LANGUAGE INTERFACE SPLUNK APP
OPENINTELLIGENCE NATURAL LANGUAGE INTERFACE SPLUNK APP (ONLI)
MAIN FEATURES
-
Natural language, business oriented interface allows to even the most novice users to specify a search using a natural language expression.
-
Generates optimized Splunk SPL queries addressing both simple and complex searches in cybersecurity/ threat hunting, IT operations, etc.
-
Extensive events coverage. Generated queries are CIM Model compliant by default maximizing portability and reducing maintenance but can also use custom Data Models or plain event logs (e.g. Windows logs).
-
Intelligent, contextual user interface controls ensure a user can only build correct natural language expression that could be translate to a useful Splunk query.
-
Contextual help guides users during the process of building their queries.
-
Freely available for download in Splunkbase.
-
App also available in github (open source license).
-
Requires valid license to an OpenIntelligence rules engine (trial version available).
-
Provide two different natural language wizards (next version will also include a natural language search bar).
ENTITY WIZARD
-
Uses an entity driven approach (e.g. devices or accounts) to incrementally build complex natural language queries and translate them to Splunk.
-
Entities also help to identify useful queries and automatically generate joining attributes between different event logs.
-
Entity-Events correlations integrate events with organization metadata (e.g. privileged accounts).
-
Manages complex correlations across entities and events including CIM Data Models and normal event logs.
-
Provides specialized operators for time sequences (an event happening after another and negations (when a type of event had not happened during the same period than another).
-
Also manages complex statistical queries
EVENT WIZARD
-
Use an event driven approach (e.g. authentication events) to incrementally build complex natural language queries.
