Enhancing Threat Hunting with Splunk and Generative AI for Automated Security Operations
Abstract
Organizations are increasingly challenged by the need to detect and mitigate cybersecurity incidents in real time, given the surge in both the volume and sophistication of cyber attacks. Proactive threat hunting has become essential, yet SOC (Security Operations Center) analysts often struggle to analyze the huge volume of logs generated by the numerous devices in an organization. Security Information and Event Management (SIEM) tools such as Splunk provide centralized, real-time log analysis to support threat detection and response. However, the heavy dependency on skilled human analysts to examine this large volume of logs remains a significant challenge. The labor-intensive, repetitive task of log analysis leads to alert fatigue among SOC analysts and reduces operational effectiveness. Recent advances in Generative AI, particularly Large Language Models (LLMs), offer a way to address these challenges. Integrating an LLM into the SIEM workflow can automate the analysis process, reducing manual tasks and improving threat detection. In this paper, we propose a novel threat hunting framework that leverages LLM insights to analyze logs using a SIEM tool such as Splunk to improve security operations. Moreover, the framework uses cyber threat intelligence (CTI) tools such as Maltego to enrich and validate identified threat indicators, thereby providing actionable and context-rich insights. The framework demonstrates that integrating an LLM with SIEM and CTI tools improves the effectiveness of the threat-hunting process in detecting signs of intrusion.