
Long-term Memory

Long-term memory is one of AttackTrace's key capabilities. It allows the AI to retain and recall important investigation context across different sessions.

What is long-term memory?

In a standard AI conversation, context disappears when the session ends. Long-term memory uses a vector database to persist key information so the AI can "remember" it in future conversations:

  • Investigation findings: a known malicious IP, a flagged user account
  • Environment details: your AWS account ID, the Elasticsearch index names you commonly use
  • Custom knowledge: internal IP allocation rules, team-specific naming conventions

How it works

User conversation
   ↓
Memory extraction layer (LangGraph) identifies information worth saving
   ↓
Vector storage (embedded database)
   ↓
Future conversations: retrieve relevant memories → inject into AI context

Use cases

Tracking attack activity

First session:
"185.220.101.34 is a Cobalt Strike C2, linked to APT28,
discovered on 2026-02-15"

→ Memory automatically saves this IOC and attribution

Second session (days later):
"Are there any suspicious connections in our firewall logs?"

→ AI automatically references the saved C2 address for comparison

Remembering environment configuration

"Our AWS production account ID is 123456789012,
VPC CIDR is 10.0.0.0/8,
CloudTrail logs are stored in s3://company-ct-logs"

→ Future AWS-related questions automatically use this context

Building team knowledge

Investigation conclusions, TTP profiles, and runbook summaries can be incrementally stored in long-term memory, turning the AI into an intelligent knowledge base for your team.

Managing memory

Viewing memory

In the client, go to Settings → Long-term Memory to view all stored memory entries.

Adding memory manually

Tell the AI directly in the conversation:

Remember: our internal IP range 10.1.0.0/16 belongs to the office network, not attack traffic

The AI will confirm and store the information.
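
The sketch below is an added example, not AttackTrace's own code. It shows what the comparison in "Tracking attack activity" and the office-network memory above amount to once both are recalled against firewall logs, including the case where a known-benign source talks to a saved C2 address. The entry schema (`kind`, `net`, `note`), the log format and the function names are assumptions, and the log lines are constructed.

```python
import ipaddress
import re

# Constructed memory entries mirroring the sample statements on this page.
# The structured fields are an assumption, not AttackTrace's storage schema.
MEMORIES = [
    {"kind": "ioc", "net": "185.220.101.34/32",
     "note": "Cobalt Strike C2, linked to APT28, discovered on 2026-02-15"},
    {"kind": "benign", "net": "10.1.0.0/16",
     "note": "office network, not attack traffic"},
]

# Constructed firewall log lines in a hypothetical key=value format.
FIREWALL_LOG = """\
2026-02-18T09:14:02Z ALLOW src=10.1.4.22 dst=185.220.101.34 dport=443
2026-02-18T09:14:05Z ALLOW src=10.1.4.22 dst=10.1.9.8 dport=445
2026-02-18T09:15:40Z DENY src=203.0.113.7 dst=10.1.4.22 dport=22
2026-02-18T09:16:11Z ALLOW src=10.2.0.5 dst=185.220.101.34 dport=8443
malformed line without addresses
"""

LINE_RE = re.compile(r"src=(\S+) dst=(\S+)")

def recall(addr, memories):
    """Return the memory entries whose network contains addr."""
    ip = ipaddress.ip_address(addr)  # raises ValueError on a bad address
    return [m for m in memories if ip in ipaddress.ip_network(m["net"])]

def triage(log_text, memories):
    """Label each parseable log line 'ioc', 'benign' or 'unknown'."""
    results, skipped = [], 0
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        try:
            hits = {ep: recall(ep, memories) for ep in m.groups()} if m else None
        except ValueError:
            hits = None
        if hits is None:  # no src/dst pair, or an unparseable address
            skipped += 1
            continue
        kinds = [{h["kind"] for h in hs} for hs in hits.values()]
        # An IOC hit on either endpoint wins: benign context about the other
        # endpoint annotates the finding but never suppresses it.
        verdict = ("ioc" if any("ioc" in k for k in kinds)
                   else "benign" if all("benign" in k for k in kinds) else "unknown")
        notes = [f"{ep}: {h['note']}" for ep, hs in hits.items() for h in hs]
        results.append((verdict, line, notes))
    return results, skipped
```

The first log line is labelled `ioc` even though its source sits in the office range, and its notes carry both memories so the analyst sees which internal host made the connection.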

Deleting memory

Select an entry in the memory management page → Delete. Bulk deletion is also supported.

Privacy

Long-term memory data:

  • Is stored in the Hub's database and tied to your user account
  • Is only accessible to you; admins cannot view the content
  • Is permanently deleted when your account is closed