Commit

Permalink
Update readme.md
KwachSean authored Apr 3, 2024
1 parent c5f851e commit 5c8fac8
Showing 1 changed file with 1 addition and 0 deletions.
Expand Up @@ -31,3 +31,4 @@ Following best practices above, listed below are good and bad examples of prompt
| **Better** | Prompt 1: Create a Defender KQL query to hunt for hexadecimal strings associated with the svchost.exe process.<br>Prompt 2: What threat actor groups tend to use this svchost.exe process?<br>Prompt 3: What are the TTPs associated with these threat actor groups?<br>Prompt 4: Please create a table to list the MITRE ATT&CK techniques associated with each threat actor group as unique rows. List each MITRE ATT&CK technique associated with each threat actor group in column 1 “MITRE ATT&CK technique” and which threat actor groups used that technique in column 2, “Threat Actor Group(s)”. |
| **Best** | Prompt 1: Create a Defender KQL query to hunt for hexadecimal strings associated with the svchost.exe process.<br>Prompt 2: What threat actor groups tend to use this svchost.exe process?<br>Prompt 3: What are the TTPs associated with these threat actor groups?<br>Prompt 4: Please create a table to list the MITRE ATT&CK techniques associated with each threat actor group as unique rows. List each MITRE ATT&CK technique associated with each threat actor group in column 1 “MITRE ATT&CK technique” and which threat actor groups used that technique in column 2, “Threat Actor Group(s)”.<br>Prompt 5: Based on the MITRE ATT&CK techniques gathered in the previous response, which ones do not have analytic (detection) rule coverage based on what our organization has configured in our Sentinel workspace?<br>Prompt 6: Which CVEs do these threat actor groups tend to exploit?<br>Prompt 7: What threat intelligence exists associated with each of these CVEs from MDTI?<br>Prompt 8: What threat intelligence exists associated with each of these CVEs from inthewild.io?<br>Prompt 9: What remediation and/or mitigation recommendations are associated with each of these CVEs from MDTI?<br>Prompt 10: Which of my MDEASM, MDVM, MDC, and IoT assets are vulnerable to these CVEs?<br>Prompt 11: Based on the incident comments (or wherever you document your postmortem steps), have these recommendations been followed?<br>\[Save this as a custom promptbook\] |
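Review bot: In the added **Best** row, Prompt 11 carries a reader-facing placeholder inside the prompt text itself: "Based on the incident comments (or wherever you document your postmortem steps), have these recommendations been followed?" Anyone who copies the row into a custom promptbook, as the final bracketed instruction suggests, will send that parenthetical to Copilot as part of the question instead of substituting their organization's actual evidence source. Suggest keeping the prompt clean, e.g. "Prompt 11: Based on the incident comments, have these recommendations been followed?", and moving the guidance outside the cell as a note such as "Replace 'incident comments' with wherever your team documents postmortem steps." Minor points on the same row: Prompt 10 mixes product abbreviations (MDEASM, MDVM, MDC) with a generic asset class (IoT), and none of the abbreviations are expanded in the visible text, so spell them out on first use if the readme does not do so earlier; Prompts 1-4 are copied verbatim from the **Better** row, which is fine for a cumulative table but means any future wording change must be mirrored in both rows.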