DFIR Copilot transforms how security analysts interact with Splunk data by integrating privacy-first LLM analysis into common DFIR and threat hunting tasks. Using a robust progressive summarization pipeline, the app maintains context when processing thousands of events and provides coherent narrative insights, anomaly explanation, and investigative suggestions — all performed locally using Ollama.
- 100% local, private analysis: inference runs on the local Ollama instance, so no search results are sent to an external service.
- AI-driven insights tailored for incident response and forensic workflows.
- Progressive summarization pipeline to retain context on large result sets.
- Easy configuration and integration with Splunk search.
Key Features & Use Cases
- Conversational analysis of search results (using llmhandler).
- Automated summarization for incident triage and timeline construction.
- Threat hunting assistance, e.g., spotting C2 patterns or lateral movement.
- Flexible prompts for custom investigation objectives.
Typical use cases include:
- Incident triage and executive summaries
- Forensic reconstruction of attack narratives
- Deep pattern detection in proxy/DNS/endpoint logs
- Reducing SPL complexity with human-friendly analysis
Categories
Artificial Intelligence, Investigative