TA-llm-command-scoring is a Splunk Technology Add-on that houses a custom Splunk command. It queries OpenAI's GPT to assess whether a process' command-line argument (CLA) appears malicious. This Splunk custom command accepts a field that contains a valid Command Line Argument, e.g.: powershell.exe -nop -w hidden -enc aAB0AHQAcAA6AC8ALwAxADAAMAAuADEAMAAwAC4AMQAwADAALwBtAGEAbAB3AGEAcgBlAC4AZQB4AGUA The command will ask ChatGPT to scrutinize the command and will respond with a Likert-type score: - [5] Definitely Malicious - [4] Possibly Malicious - [3] Unclear - [2] Likely Benign - [1] Definitely Benign - [0] Invalid Process Command and a short explanation of why it chose that score. It integrates directly into Splunk searches via a custom streaming command and leverages LLMs' ability to read between the lines — at scale, without fatigue.