AI Assistant
The AI Assistant uses Large Language Models (LLMs) to help you analyze security events and alerts, query and explore data, generate reports and documentation, and automate investigation workflows. Unlike standalone AI tools, the Assistant operates within your DTACT environment with full access to your team's data and context.
How to Access
Click AI Assistant in the sidebar to open the full interface.
Supported LLMs
AWS Bedrock (Recommended)
Secure, enterprise-grade models:
- Claude (all versions)
- Llama (all versions)
- Mistral (all versions)
Azure OpenAI
Microsoft-hosted models:
- GPT-4 and GPT-4o
- GPT-3.5 Turbo
OpenAI Direct
Direct API access:
- All GPT models
- Custom fine-tuned models
Key Features
Context-Aware Analysis
The Assistant understands your:
- Data schemas and tables
- Team configurations
- Historical investigations
- Detection rules
Query Generation
Describe what you need in natural language. The Assistant then:
- Generates SQL queries
- Executes them against your data
- Returns formatted results
Alert Investigation
Analyze alerts with AI assistance:
- Automatic context gathering
- Similar alert identification
- Recommended next steps
Report Generation
Create documentation:
- Investigation summaries
- Executive briefings
- Incident reports
Working with Threads
Creating Threads
Start new conversations for:
- Specific investigations
- Data exploration sessions
- Report generation tasks
Thread History
Access previous conversations:
- Continue investigations
- Reference past analysis
- Share with team members
Forking Threads
Branch conversations to:
- Explore alternative hypotheses
- Test different queries
- Preserve original context
Best Practices
- Be specific — Provide context about what you're investigating
- Iterate — Refine queries based on initial results
- Verify — Cross-check AI suggestions with your expertise
- Document — Save useful threads for future reference