Inspiration
As frequent users and administrators of cloud services, we found ourselves regularly spending significant time and mental energy digging through AWS CloudTrail logs for security investigations. This common and cumbersome task inspired us to develop a solution, TrailBlitz, to streamline the process.
What It Does
TrailBlitz revolutionizes the way AWS CloudTrail logs are investigated. It uses Pinecone and OpenAI to transform verbose logs into precise, readily accessible insights. Users simply pose their queries in natural language, and TrailBlitz swiftly returns accurate responses, effectively accelerating the cloud forensics process.
How We Built It
TrailBlitz was built in stages. First, we created a Pinecone index for user-intent search: we used OpenAI to generate 100 different ways a user might ask about a specific event type and stored those phrasings in the index. When a user enters a query, it is matched against the index to determine which intent (event type) the user means; we then execute the relevant CloudTrail lookups for that event type and return the results. Finally, we use OpenAI to convert the results back into plain language.
Challenges We Ran Into
We initially tried to ingest the CloudTrail logs themselves into Pinecone and then run a similarity search across that index, but the search results were not satisfactory. We then switched to plan B: use Pinecone only to recognise the user's intent, and then search for what we are looking for through the AWS APIs. We liked the final result as a solution because it is lighter and more flexible, and it does not require ingesting huge volumes of CloudTrail logs, which makes it more economical. We also believe it is an easier sell, since it only needs read-only access to CloudTrail (for example, permission to call cloudtrail:LookupEvents) rather than a copy of the logs.
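The intent-routing pipeline described under "How We Built It" and in the plan B above, written out as an added example; this is not TrailBlitz's own code. To run offline, a bag-of-words cosine similarity stands in for the OpenAI embeddings and the Pinecone index, a fixed template stands in for the OpenAI summarisation step, and `lookup_events` with `SAMPLE_EVENTS` is a constructed stand-in for boto3's `cloudtrail.lookup_events`. The intent names, the paraphrases, the `MIN_SCORE` threshold and the sample events are all assumptions made for illustration.

```python
"""Intent-routed CloudTrail search: an added illustration of the pipeline,
not TrailBlitz's code. Embeddings, Pinecone and the LookupEvents API are
replaced by offline stand-ins so the example runs as-is."""
import json
import math
import re
from collections import Counter

# Function words are dropped so matches come from content words. A bag-of-words
# vector with cosine similarity stands in for OpenAI embeddings (assumption).
STOPWORDS = {"a", "an", "the", "to", "in", "into", "me", "show", "list",
             "who", "which", "what", "is", "were", "did"}


def embed(text):
    tokens = re.findall(r"[a-z0-9]+", text.lower())
    return Counter(t for t in tokens if t not in STOPWORDS)


def cosine(a, b):
    dot = sum(n * b.get(t, 0) for t, n in a.items())
    norm = (math.sqrt(sum(n * n for n in a.values()))
            * math.sqrt(sum(n * n for n in b.values())))
    return dot / norm if norm else 0.0


# Paraphrases per intent. TrailBlitz generated about 100 per event type with
# OpenAI; these three per intent are constructed by hand for the example.
INTENT_PHRASES = {
    "console_logins": ["who logged into the aws console",
                       "show me console sign in events",
                       "list users who signed in to the console"],
    "s3_bucket_deletions": ["which s3 buckets were deleted",
                            "show bucket delete events",
                            "who removed a storage bucket"],
    "iam_user_creation": ["who created a new iam user",
                          "show iam createuser events",
                          "list new users added to iam"],
}
# The "index": one vector per paraphrase tagged with its intent (Pinecone's role here).
INDEX = [(intent, embed(p)) for intent, ps in INTENT_PHRASES.items() for p in ps]

# Each intent maps to one LookupEvents attribute filter, the same shape boto3 takes:
# cloudtrail.lookup_events(LookupAttributes=[{"AttributeKey": k, "AttributeValue": v}])
INTENT_LOOKUP = {
    "console_logins": ("EventName", "ConsoleLogin"),
    "s3_bucket_deletions": ("EventName", "DeleteBucket"),
    "iam_user_creation": ("EventName", "CreateUser"),
}
MIN_SCORE = 0.35  # assumed threshold: below it the query is refused, not guessed


def route(query):
    """Nearest-intent search over the index; returns (intent or None, best score)."""
    q = embed(query)
    intent, score = max(((i, cosine(q, v)) for i, v in INDEX), key=lambda x: x[1])
    return (intent, score) if score >= MIN_SCORE else (None, score)


# Constructed sample in the shape LookupEvents returns. boto3 gives EventTime as a
# datetime; ISO strings are used so the sample can live inline.
SAMPLE_EVENTS = [
    {"EventName": "ConsoleLogin", "EventSource": "signin.amazonaws.com", "Username": "alice",
     "EventTime": "2024-05-01T08:15:00Z", "CloudTrailEvent": json.dumps(
         {"sourceIPAddress": "203.0.113.10", "responseElements": {"ConsoleLogin": "Success"}})},
    {"EventName": "ConsoleLogin", "EventSource": "signin.amazonaws.com", "Username": "bob",
     "EventTime": "2024-05-01T09:02:00Z", "CloudTrailEvent": json.dumps(
         {"sourceIPAddress": "198.51.100.7", "responseElements": {"ConsoleLogin": "Failure"}})},
    {"EventName": "DeleteBucket", "EventSource": "s3.amazonaws.com", "Username": "carol",
     "EventTime": "2024-05-01T10:30:00Z", "CloudTrailEvent": json.dumps(
         {"sourceIPAddress": "203.0.113.22", "requestParameters": {"bucketName": "prod-backups"}})},
    {"EventName": "CreateUser", "EventSource": "iam.amazonaws.com", "Username": "alice",
     "EventTime": "2024-05-01T11:45:00Z", "CloudTrailEvent": json.dumps(
         {"sourceIPAddress": "203.0.113.10", "requestParameters": {"userName": "svc-deploy"}})},
]


def lookup_events(events, key, value):
    """Offline stand-in for cloudtrail.lookup_events with a single attribute filter."""
    return [e for e in events if e.get(key) == value]


def describe(event):
    """One plain-language line per event; TrailBlitz hands this step to OpenAI."""
    rec = json.loads(event["CloudTrailEvent"])
    params, resp = rec.get("requestParameters", {}), rec.get("responseElements", {})
    detail = {"ConsoleLogin": resp.get("ConsoleLogin", "unknown outcome"),
              "DeleteBucket": "bucket " + params.get("bucketName", "?"),
              "CreateUser": "user " + params.get("userName", "?")}.get(event["EventName"], "")
    return (f"{event['EventTime']} {event['Username']} {event['EventName']} "
            f"from {rec.get('sourceIPAddress', '?')}: {detail}")


def investigate(query, events=SAMPLE_EVENTS):
    """Query -> intent -> CloudTrail lookup -> summary, refusing unmatched questions."""
    intent, score = route(query)
    if intent is None:
        return {"intent": None, "score": score, "results": [],
                "summary": "No supported CloudTrail question matched this query."}
    key, value = INTENT_LOOKUP[intent]
    results = lookup_events(events, key, value)
    return {"intent": intent, "score": score, "results": results,
            "summary": "\n".join(describe(e) for e in results) or "No matching events."}


if __name__ == "__main__":
    for q in ("who signed into the console?", "what buckets got deleted",
              "what is the weather today"):
        print(q, "->", investigate(q)["summary"])
```

The refusal path is the part worth keeping when the stand-ins are swapped for the real services: if no stored paraphrase scores above the threshold, the tool says so instead of letting the language model improvise an answer about an event type it has no lookup for. With real Pinecone, `embed` and `INDEX` become an embeddings upsert and a vector query, and `lookup_events` becomes a boto3 call scoped with `StartTime`/`EndTime`, which is where the read-only `cloudtrail:LookupEvents` permission comes in.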
Accomplishments That We're Proud Of
We are particularly proud of how TrailBlitz has managed to simplify the traditionally complex task of sifting through AWS CloudTrail logs. The tool significantly reduces the time spent on security investigations, transforming a typically tedious 30-minute task into a matter of seconds.
What We Learned
The development of TrailBlitz offered us a deep dive into Pinecone, OpenAI and semantic search in general. We learned how difficult it is to do a similarity search directly across CloudTrail logs. We also built a ChatGPT plugin, which was a great exercise; we ended up not using the plugin interface, but we still appreciate the knowledge and will use it in our other projects.
What's Next for TrailBlitz
We already have plans to launch this as a service very soon. We will be adding more use cases for the most common cloud forensic search queries, such as S3 buckets and IAM, and adding integrations for other cloud providers. We aim to make TrailBlitz an essential tool in the toolbox of every cloud security team.
Built With
- auth0
- azure
- chatgpt
- openai
- pinecone