Natural language to query with LLM

google / timesketch

Collaborative forensic timeline analysis

Apache License 2.0

2.52k stars 576 forks source link

Natural language to query with LLM #3074

Open dianakramer opened 2 months ago

dianakramer commented 2 months ago

Feature: Create queries from natural language. This will help analysts to create more efficient queries faster.

Description:

When asking an investigation question an LLM solution will recommend queries that will filter the events in a sketch relevant to the question.
Use prompt engineering with few-shot prompting and a pre-trained LLM model.
Take into account the data types in a sketch.

jkppr commented 2 months ago

Side note: Before merging this feature we need to fix a dependency issue with the required package for using Vertex AI google-cloud-aiplatform. In some early tests of the draft PR I have encountered an incompatibility in the dependencies of unfurl. Needs further investigation.

jkppr commented 4 weeks ago

LGTM & merged #3073

Next steps:

[ ] Update the prompt file with the final version.
[ ] Integrate the NL2Q feature in the DFIQ frontend
[ ] Add documentation on how to use the feature!