📱 Mobile Security Tips
Daniel Osei — Cybersecurity Awareness Trainer
Why AI Changes the Game for Incident Response
Incident response is critical for minimizing the damage of security breaches and ensuring quick recovery. Leveraging AI can streamline this process, providing speed and analytical depth that is difficult to achieve manually. AI tools like ChatGPT, Claude, and others can assist in extracting actionable insights from data, automating repetitive tasks, and enhancing decision-making.
Before You Start: How to Set Context Properly
When working with AI tools for incident response, establishing clear context is essential. Define the scope of the incident, detail the data available, and specify the type of analysis needed.
Core Prompts Cheatsheet
What it does: Analyzes log files to extract essential information relevant to the incident.
When to use it: When you have a large volume of logs that need summarizing.
How to customize it: Specify the type of logs, e.g., web server logs or firewall logs, to refine the output.
What it does: Provides a concise action plan to mitigate damage after a breach.
When to use it: After detecting a data breach and needing expedited response actions.
How to customize it: Include the specific systems or data compromised for tailored advice.
What it does: Extracts and categorizes IOCs from incident reports.
When to use it: When evaluating previous incidents for patterns.
How to customize it: Specify categories like IP addresses, file hashes, and URLs to focus IOCs.
What it does: Aggregates data on recent threats and presents it in an informative report format.
When to use it: To stay informed about current threats relevant to your organization.
How to customize it: Specify the industry or geographical area of interest.
What it does: Creates a structured template for reviewing the incident response process.
When to use it: After any incident to improve future responses.
How to customize it: Include specific sections that align with your organization’s protocols.
Weak vs Strong Prompt Examples
Advanced Prompt Techniques
Role Prompting: Position yourself or the AI as an expert in incident response. Example: “Act as a CISO and explain how to handle a ransomware attack.”
Chain-of-Thought: Encourage the AI to think through its answers step by step. Example: “Outline the steps you would take to investigate a potential data breach.” This leads to a more thorough response.
Few-Shot Examples: Provide examples of expected outputs to guide the AI. Example: “Below are some actions from previous incidents: [insert actions], now list actions for the current incident.”
Output Formatting: Specify desired formats, e.g., bullet points, tables, or narrative summaries.
Claude vs ChatGPT: Which Works Better For This
ChatGPT typically excels in conversational context but may need clearer prompts for technical incident-specific advice. Claude can be more straightforward with technical requests, often providing precise step-by-step guidance. Choose based on the specific use case you are facing.
Tips for Getting Consistent Results
- Set Context: Always include necessary background information.
- Be Specific: Narrow down the area of focus to avoid generic responses.
- Iterate: Use feedback from previous outputs to refine your next query.
Quick Reference: All Prompts in One Place
1. Given a log file, summarize the key findings and actionable items for incident response.
2. Generate a checklist of immediate actions to take following a data breach.
3. List top indicators of compromise (IOCs) based on the provided incident report.
4. Create a threat intelligence report based on recent attacks in the industry.
5. Develop a post-incident review template.