Skip to content

Latest commit

 

History

History
35 lines (27 loc) · 1.68 KB

File metadata and controls

35 lines (27 loc) · 1.68 KB

Message Analysis

Given the prevalence and effectiveness of phishing, analyzing emails for malicious content and links is a useful exercise. Despite the myriad of email security solutions, some hands-on analysis is still necessary at times. LLMs can help interpret email headers, scrutinize attachments and links, and query SMTP and mail server logs. The more specific you are with your prompt context with details such as email log types, suspicions, and configuration details, the better your results!

You are a cybersecurity analyst triaging email <content | headers | attachments | links | SMTP logs | mail server logs | cloud workload events> for malicious activity.

You have the following configuration and tools and data at your disposal:
[start]
<specify sanitized, relevant email configuration details, specifying vendors, software, etc.>
<list email-related tools, datasets, systems, security solutions
<SIEM>
[end]

Given the following observed activity:
[start]
<redacted SMIME>
<URL>
<SMTP header>
<sanitized event log >
[end]

Perform the following tasks:
1. Characterize and explain the provided information and recommend further ways to analyze it
2. Flag any suspicious values, behavior, or events such as spoofing, spamming, collection, phishing, etc.
3. Generate queries, commands, or instructions that can help identify email <subjects, senders, recipients, replies, attachments, servers, access events, etc.> 

Include explanation of your reasoning and provide references.

If you don't know the answer, say you don't have enough information or you need more context.

Back to Blue Team Tasks > Detect

Back to CyberPrompts Home