From 5c8fac80d4fe861bbeef1f680ebd9415fd659b0d Mon Sep 17 00:00:00 2001
From: Sean Kwach Wasonga <67633117+KwachSean@users.noreply.github.com>
Date: Wed, 3 Apr 2024 17:16:45 +0300
Subject: [PATCH] Update readme.md
---
.../Prompting Tips for Copilot For Security/readme.md | 1 +
1 file changed, 1 insertion(+)
diff --git a/Customer Guides/Prompting Tips for Copilot For Security/readme.md b/Customer Guides/Prompting Tips for Copilot For Security/readme.md
index 70a2209d..badf25d0 100644
--- a/Customer Guides/Prompting Tips for Copilot For Security/readme.md
+++ b/Customer Guides/Prompting Tips for Copilot For Security/readme.md
@@ -31,3 +31,4 @@ Following best practices above, listed below are good and bad examples of prompt
| **Better** | Prompt 1: Create a Defender KQL query to hunt for hexadecimal strings associated with the svchost.exe process.
Prompt 2: What threat actor groups tend to use this svchost.exe process?
Prompt 3: What are the TTPs associated with these threat actor groups?
Prompt 4: Please create a table to list the MITRE ATT&CK techniques associated with each threat actor group as unique rows. List each MITRE ATT&CK technique associated with each threat actor group in column 1 “MITRE ATT&CK technique” and which threat actor groups used that technique in column 2, “Threat Actor Group(s)”. |
| **Best** | Prompt 1: Create a Defender KQL query to hunt for hexadecimal strings associated with the svchost.exe process.
Prompt 2: What threat actor groups tend to use this svchost.exe process?
Prompt 3: What are the TTPs associated with these threat actor groups?
Prompt 4: Please create a table to list the MITRE ATT&CK techniques associated with each threat actor group as unique rows. List each MITRE ATT&CK technique associated with each threat actor group in column 1 “MITRE ATT&CK technique” and which threat actor groups used that technique in column 2, “Threat Actor Group(s)”.
Prompt 5: Based on the MITRE ATT&CK techniques gathered in the previous response, which ones do not have analytic (detection) rule coverage based on what our organization has configured in our Sentinel workspace?
Prompt 6: Which CVEs do these threat actor groups tend to exploit?
Prompt 7: What threat intelligence exists associated with each of these CVEs from MDTI?
Prompt 8: What threat intelligence exists associated with each of these CVEs from inthewild.io?
Prompt 9: What remediation and/or mitigation recommendations are associated with each of these CVEs from MDTI?
Prompt 10: Which of my MDEASM, MDVM, MDC, and IoT assets are vulnerable to these CVEs?
Prompt 11: Based on the incident comments (or wherever you document your postmortem steps), have these recommendations been followed?
\[Save this as a custom promptbook\] |
+
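Review bot: the only change in this hunk is the single empty line added after the table (the lone `+` line), a whitespace-only edit, and the commit message "Update readme.md" does not say why it is needed. If the goal was to make sure the file ends with a newline, note that the hunk shows no `\ No newline at end of file` marker on the old side, so the previous last line already terminated correctly and this adds a genuinely blank line instead. A blank line after a Markdown table is harmless, but either state the purpose in the commit message or drop the change so the history stays meaningful. While this table is being touched: the **Better** and **Best** rows repeat Prompts 1–4 word for word; a short lead-in in the Best row such as "Prompts 1–4 as in Better, then:" would shorten the table without losing any of the prompt chain.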