IOC Query Builder and ASR Custom Plugins #115

Open: wants to merge 14 commits into base: main
Update IOC_Query_Builder.yaml
alfonso-greenbrook authored Nov 14, 2024
commit c0c50455b9747274c55f510e57ce18f9fc6c0b77
Expand Up @@ -9,17 +9,32 @@ SkillGroups:
- Name: GenerateIOCListForKQL
DisplayName: Generate IOC List For KQL
Description: Formats a list of IOCs so they can be used by SOC analysts in KQL queries
ExamplePrompt:
- 'IOC KQL Query'
- 'IOC List'
- 'Build a KQL query from the following list of IOCs'
- 'Format the following list of IOCs'
- 'Create a dynamic array from this list of IOCs'
- 'Format the following list of IP addresses'
- 'Create a dynamic array from this list of IP addresses'
- 'Format the following list of domain names'
- 'Create a dynamic array from this list of domain names'
- 'Format the following list of URLs'
- 'Create a dynamic array from this list of URLs'
- 'Format the following list of hashes'
- 'Create a dynamic array from this list of hashes'
Inputs:
- Name: iocs
Description: The unformatted list of IOCs
Required: true
Settings:
ModelName: gpt-4-32k-v0613
Template: |-
When a security operations analyst recieves a list of indicators of compromise (IOCs), they will search their SIEM tool to identify if a system may have been infiltrated by a cyber threat. The list of IOCs will need to be formatted in such as way that it can be included in a KQL query.

Some examples of this formatting in KQL:
1. microsoft.com securitycopilot.microsoft.com security.microsoft.com --> 'microsoft.com','securitycopilot.microsoft.com','security.microsoft.com'
2. 1.1.1.1 8.8.8.8 --> '1.1.1.1','8.8.8.8'
1. microsoft.com securitycopilot.microsoft.com security.microsoft.com --> ['microsoft.com','securitycopilot.microsoft.com','security.microsoft.com']
2. 1.1.1.1 8.8.8.8 --> ['1.1.1.1','8.8.8.8']

Format any IOCs in the following text and return the new text:
{{iocs}}
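Review bot: The replacement examples `['microsoft.com','securitycopilot.microsoft.com','security.microsoft.com']` and `['1.1.1.1','8.8.8.8']` teach the model a bare square-bracket list, which is not a form KQL accepts as written: an `in` filter takes `('a','b')` and a dynamic array literal is `dynamic(['a','b'])`, so an analyst still has to edit the output before pasting it into a query. Since the new ExamplePrompt entries explicitly ask to "Create a dynamic array" and to "Build a KQL query", state the exact target form in the template (for example `dynamic([...])`, or `in (...)` for the query prompts) and make both examples match it. Two typos in the template text: `recieves` should be `receives` and `in such as way` should be `in such a way`. Finally, `{{iocs}}` is interpolated straight into the prompt with no framing; IOC lists usually come from third-party reports, so add an instruction that everything after "Format any IOCs in the following text" is data to be formatted, that any instructions it contains are to be ignored, and that only the formatted list is to be returned. If feeds with defanged indicators (`hxxp`, `[.]`) are expected, say whether the model should refang them, otherwise the output will not match the logged values.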