Despite detection tools and the automation of cybersecurity, analysts are more in-demand than ever. They have to perform complex security investigations in order to find and qualify threats. It is necessary to speed up and ease security tasks in order to reduce the effects of analysts shortages. Recommender systems are widely used in the task of helping users find their way in enormous amount of heterogeneous data for example in online marketplaces. That situation is similar to the one face by analysts. We thus offer to design a recommender system for incident response. By recognizing 7 relevant user intentions throughout the investigation process, we propose MIMIR, that provides relevant recommendations for the analyst's next actions based on their most probable objectives. We evaluate MIMIR in different ways, using 4 experiments and 5 datasets. The results show the validity of the model as well as the relevance of recommendations, which is a first step towards recommendations based on user intention recognition in the field of incident response.