Skip to content

Latest commit

 

History

History
17 lines (14 loc) · 4.39 KB

File metadata and controls

17 lines (14 loc) · 4.39 KB

Detect

Explore LLM prompts to help develop and maintain capabilities such as detection rules and data pipelines to identify incidents in a timely manner.

D3FEND Technique Goal
File Analysis Examine files for malicious content, anomalies, or unauthorized modifications.

See prompts for static analysis, creating signatures, dynamic analysis, hashes.

IOCs (Indicators of Compromise) Identify known threat signatures such as IPs, hashes, or domains linked to attacks.

See prompts for activity query, homoglyphs, reputation and enrichment

Message Analysis Analyze emails, chats, and other communications for phishing or suspicious behavior.
Network Traffic Analysis Monitor and inspect data flows for unusual patterns or unauthorized access attempts.

See prompts for administrative protocols, pattern matching, certificates, session profiling, connection attempts, signature translation, DNS, file carving, volume analysis, protocol analysis, anomaly detection.

Platform Monitoring Track system logs, configurations, hardware devices, and OS activity to detect potential security incidents.

See prompts for file integrity, firmware integrity, configuration and operating mode monitoring, endpoint health, peripheral devices, memory analysis, scheduled jobs, system daemons, OS files, initialization configuration.

Process Analysis Observe running processes for signs of exploitation, injection, or abnormal behavior.

See prompts for API and database query, file events, call chain analysis, code segment validation, native api system calls, process spawns, script execution.

User Behavior Analysis Detect deviations from normal user activity that may indicate insider threats or compromised accounts.

See prompts for authentication, authorizations, credentials, account management, access patterns, temporal analysis, data transfer, web sessions.


Back to Blue Team Tasks

Back to CyberPrompts Home