MDTI Promptbooks #173

Open
wants to merge 20 commits into
base: main
53 changes: 53 additions & 0 deletions Promptbook samples/Domain Name Investigation Promptbook.md
@@ -0,0 +1,53 @@
![Security CoPilot Logo](https://github.com/Azure/Copilot-For-Security/blob/main/Images/ic_fluent_copilot_64_64%402x.png)
# Domain Name Investigation Promptbook (MDTI)

**Description**: Get threat intelligence details for a fully qualified domain name (FQDN), including the MDTI reputation, WHOIS and subdomain resolutions, and web components.

**Required Plugin**: Microsoft Threat intelligence

**Required Input**: <DOMAIN_NAME>

1. Get the latest reputation score
```
Give me the Microsoft Defender Threat Intelligence reputation score for <DOMAIN_NAME>. Present this information as a short summary paragraph, followed by bullet points.
```
2. Get Whois record
```
Give me the WHOIS record for <DOMAIN_NAME>. Present this information as a short summary paragraph, followed by bullet points.
```
3. Get IP resolutions
```
Give me the resolutions for <DOMAIN_NAME>. Present this information as a short summary paragraph, followed by a table.
```
4. Get subdomains
```
Give me details of the subdomains for <DOMAIN_NAME>. Present this information as a short summary paragraph, followed by a table.
```
5. Get web components
```
Give me details of the web components for <DOMAIN_NAME>. Present this information as a short summary paragraph, followed by a table.
```
6. Generate threat bulletin
```
/SummarizeData I am a threat intelligence analyst writing a threat bulletin about this domain. Based on the above investigation, generate a threat bulletin that summarises the above intelligence. The response should include a short introduction, bullet points of the key information, and a conclusion.
```

## Promptbook JSON Format
```
{"name":"Domain Name Investigation (MDTI)",
"description":"Get threat intelligence details for a fully qualified domain name (FQDN), including the MDTI reputation, WHOIS and subdomain resolutions, and web components.",
"prompts":
[
{"promptType":"Prompt","content":"Give me the Microsoft Defender Threat Intelligence reputation score for <DOMAIN_NAME>. Present this information as short summary paragraph, followed by bullet points."},
{"promptType":"Prompt","content":"Give me the WHOIS record for <DOMAIN_NAME>. Present this information as a short summary paragraph, followed by bullet points."},
{"promptType":"Prompt","content":"Give me the resolutions for <DOMAIN_NAME>. Present this information as a short summary paragraph, followed by a table."},
{"promptType":"Prompt","content":"Give me details of the subdomains for <DOMAIN_NAME>. Present this information as a short summary paragraph, followed by a table."},
{"promptType":"Prompt","content":"Give me details of the web components for <DOMAIN_NAME>. Present this information as a short summary paragraph, followed by a table."},
{"promptType":"Prompt","content":"/SummarizeData I am a threat intelligence analyst writing a threat bulletin about this domain. Based on the above investigation, generate a threat bulletin that summarises the above intelligence. The response should include a short introduction, bullet points of the key information, and a conclusion."}
],
"promptbookinputs":
[
{"name":"DOMAIN_NAME","description":"User input"}
],
"visibility":"Private","tags":"MDTI"}
```
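Review bot: The first prompt in the JSON block has drifted from step 1 of the same file: the JSON reads "Present this information as short summary paragraph" while step 1 and every other prompt read "as a short summary paragraph". Anyone importing the JSON gets different prompt text from what the walkthrough documents, so align the two. The step 2 heading also says "Whois" where the prompt says "WHOIS". Separately, the `promptbookinputs` entry describes `DOMAIN_NAME` only as "User input"; since the Description states the promptbook expects a fully qualified domain name, say so there (for example "Fully qualified domain name, without scheme or path") so that analysts do not paste a full URL into every prompt.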
53 changes: 53 additions & 0 deletions Promptbook samples/IP Address Investigation Promptbook.md
@@ -0,0 +1,53 @@
![Security CoPilot Logo](https://github.com/Azure/Copilot-For-Security/blob/main/Images/ic_fluent_copilot_64_64%402x.png)
# IP Address Investigation Promptbook (MDTI)

**Description**: Get threat intelligence details for an IP address, including the MDTI reputation, WHOIS and DNS records, and web and service components.

**Required Plugin**: Microsoft Threat intelligence

**Required Input**: <IP_ADDRESS>

1. Get the latest reputation score
```
Give me the Microsoft Defender Threat Intelligence reputation score for <IP_ADDRESS>. Present this information as short summary paragraph, followed by bullet points.
```
2. Get Whois record
```
Give me the WHOIS record for <IP_ADDRESS>. Present this information as a short summary paragraph, followed by bullet points.
```
3. Get reverse DNS records
```
Give me the reverse DNS record for <IP_ADDRESS>. Present this information as a short summary paragraph, followed by a table.
```
4. Get web components
```
Give me details of the web components for <IP_ADDRESS>. Present this information as a short summary paragraph, followed by a table.
```
5. Get services
```
Give me details of the services for <IP_ADDRESS>. Present this information as a short summary paragraph, followed by a table.
```
6. Generate threat bulletin
```
/SummarizeData I am a threat intelligence analyst writing a threat bulletin about this IP address. Based on the above investigation, generate a threat bulletin that summarises the above intelligence. The response should include a short introduction, bullet points of the key information, and a conclusion.
```

## Promptbook JSON Format
```
{"name":"IP Address Investigation (MDTI)",
"description":"Get threat intelligence details for an IP address, including the MDTI reputation, WHOIS and DNS records, and web and service components.",
"prompts":
[
{"promptType":"Prompt","content":"Give me the Microsoft Defender Threat Intelligence reputation score for <IP_ADDRESS>. Present this information as short summary paragraph, followed by bullet points."},
{"promptType":"Prompt","content":"Give me the WHOIS record for <IP_ADDRESS>. Present this information as a short summary paragraph, followed by bullet points."},
{"promptType":"Prompt","content":"Give me the reverse DNS record for <IP_ADDRESS>. Present this information as a short summary paragraph, followed by a table."},
{"promptType":"Prompt","content":"Give me details of the web components for <IP_ADDRESS>. Present this information as a short summary paragraph, followed by a table."},
{"promptType":"Prompt","content":"Give me details of the services for <IP_ADDRESS>. Present this information as a short summary paragraph, followed by a table."},
{"promptType":"Prompt","content":"/SummarizeData I am a threat intelligence analyst writing a threat bulletin about this IP address. Based on the above investigation, generate a threat bulletin that summarises the above intelligence. The response should include a short introduction, bullet points of the key information, and a conclusion."}
],
"promptbookinputs":
[
{"name":"IP_ADDRESS","description":"User input"}
],
"visibility":"Private","tags":"MDTI"}
```
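Review bot: Step 1 and the matching first JSON prompt both read "Present this information as short summary paragraph", missing the article that steps 2 to 5 use ("as a short summary paragraph"); fix it in both places so the walkthrough and the importable JSON stay identical. "Required Plugin" is given as "Microsoft Threat intelligence" while the prompts refer to "Microsoft Defender Threat Intelligence"; use the plugin's exact display name with consistent capitalisation so users can find it. The `IP_ADDRESS` input description is just "User input"; document the accepted form (for example, whether both IPv4 and IPv6 addresses are expected), since the same value is substituted into all six prompts.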