From e07d4af5632ff8d7633d8c118b9666b24080e27b Mon Sep 17 00:00:00 2001 From: Sean Kwach Wasonga <67633117+KwachSean@users.noreply.github.com> Date: Wed, 3 Apr 2024 17:23:36 +0300 Subject: [PATCH] Update readme.md --- .../Prompting Tips for Copilot For Security/readme.md | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/Customer Guides/Prompting Tips for Copilot For Security/readme.md b/Customer Guides/Prompting Tips for Copilot For Security/readme.md index c34a1c36..c5063397 100644 --- a/Customer Guides/Prompting Tips for Copilot For Security/readme.md +++ b/Customer Guides/Prompting Tips for Copilot For Security/readme.md 
@@ -21,11 +21,6 @@ Following best practices above, listed below are good and bad examples of prompt | | **Bad** | **Good** | **Better** | **Best** | |---|---|---|---|---| | **Incident Summary** | Provide an incident summary. | Provide a summary for incident 19247 from Defender catered to a non-technical executive audience. | Provide a summary for incident 19247 from Defender catered to a non-technical executive audience. List the entities of the incident in a table providing context from MDTI. | Provide a summary for incident 19247 from Defender catered to a non-technical executive audience. List the entities of the incident in a table which includes headers: "Entity", "Entity Type", "MDTI reputation". List entity associated with the incident, its type (e.g., domain, IP, URL, hash), and enrich against MDTI’s Copilot reputation skill. | -| **KQL Query for Hexadecimal Strings** | Create a KQL query to hunt for hexadecimal strings. | Create a KQL query to hunt for hexadecimal strings associated with svchost.exe process. | Prompt 1: Create a Defender KQL query to hunt for hexidecimal strings associated with the svchost.exe process. - -Prompt 2: What threat actor groups tend to use this svchost.exe process? - -Prompt 3: What are the TTPs associated with these threat actor groups? - -Prompt 4: Please create a table to list the MITRE ATT&CK techniques associated with each threat actor group as unique rows. List each MITRE ATT&CK technique associated with each threat actor group in column 1 “MITRE ATT&CK technique” and which threat actor groups used that technique in column 2, “Threat Actor Group(s)”. +| **KQL Query for Hexadecimal Strings** | Create a KQL query to hunt for hexadecimal strings. | Create a KQL query to hunt for hexadecimal strings associated with svchost.exe process. 
| Prompt 1: Create a Defender KQL query to hunt for hexidecimal strings associated with the svchost.exe process.Prompt 2: What threat actor groups tend to use this svchost.exe process?Prompt 3: What are the TTPs associated with these threat actor groups? +Prompt 4: Please create a table to list the MITRE ATT&CK techniques associated with each threat actor group as unique rows. List each MITRE ATT&CK technique associated with each threat actor group in column 1 “MITRE ATT&CK technique” and which threat actor groups used that technique in column 2, “Threat Actor Group(s)”. | | **Prompts 1-11:** As in the detailed Best example description, including prompts for identifying CVEs, threat actor groups, TTPs, MITRE ATT&CK techniques, lack of detection rule coverage, threat intelligence, remediation recommendations, and asset vulnerabilities. |
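Review bot: The row is still split across two physical lines, so the Markdown table will still not render: the text from "Prompt 4:" onward begins a new `+` line instead of continuing the row, and a GitHub-flavoured Markdown table cell cannot span a newline. The three prompts that were joined onto one line also lost their separators ("process.Prompt 2:", "groups?Prompt 3:"), which makes the Best example hard to read. Keep the whole row on one line and separate the prompts with `<br>` inside the cell, e.g. `... svchost.exe process.<br>Prompt 2: What threat actor groups ... <br>Prompt 3: ... <br>Prompt 4: Please create a table ...`. While touching this row, "hexidecimal" in Prompt 1 should be "hexadecimal", matching the column heading and the Bad/Good cells.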