Using ChatGPT for Security Incident Response: A Comprehensive Prompts Cheatsheet

📱 Mobile Security Tips

Nina Kovacs — Consumer Security Analyst

Why AI Changes the Game for Security Incident Response

Artificial intelligence, particularly models like ChatGPT, has revolutionized how security professionals handle incident response. By leveraging AI tools, analysts can automate tasks, generate reports, provide insights, and streamline communications during security incidents. This cheatsheet outlines effective prompts for using AI to tackle various challenges faced during security incidents.

Before You Start: How to Set Context Properly

To get the best results from AI, it’s essential to set the context properly. Begin your interactions by providing background information relevant to the incident. Specify the type of incident, systems affected, and any pertinent policies or protocols. This helps the AI tailor its responses to your specific needs.

Core Prompts Cheatsheet

What it does: This prompt helps generate a structured incident response plan focused on a specific type of attack.

When to use it: Use this prompt when responding to a phishing incident.

How to customize it: Change the attack type and specifics about the organization.

What it does: Identifies IoCs related to ransomware.

When to use it: Utilize this when assessing a potential ransomware attack.

How to customize it: Specify the ransomware variant to get more tailored IoCs.

What it does: Creates a communication template for stakeholders following a data breach.

When to use it: Use this after discovering a significant data breach.

How to customize it: Adjust the tone and details depending on your audience.

Weak vs Strong Prompt Examples

Advanced Prompt Techniques

Leveraging advanced prompting techniques can significantly enhance the quality of the output:

• Role Prompting: Clearly define the AI’s role to ensure appropriate responses. For example, “Act as a cybersecurity expert and provide advice on incident escalation procedures.”
• Chain-of-Thought: Encourage reasoning in responses, such as “Explain the factors that could affect the timeline of a breach investigation.”
• Few-shot examples: Provide examples of previous incidents and effective responses to shape better answers.
• Output Formatting: Request structured outputs, like bullet points or tables, for clearer communication.

Claude vs ChatGPT: Which Works Better For This

Both Claude and ChatGPT have strengths in incident response. Claude is often better at generating detailed explanations, while ChatGPT excels in conversational context. Choose based on your specific needs: detailed reports vs. real-time assistance.

Tips for Getting Consistent Results

To enhance your AI interactions:

• Context Setting: Always provide relevant context to guide the AI’s responses.
• Specificity: Stay specific about what you need; vague queries yield vague responses.
• Iterative Refinement: Don’t hesitate to refine prompts based on the AI’s previous outputs to hone in on what you need.

Quick Reference: All Prompts in One Place

• “As a security analyst, I need you to help me create an incident response plan for a phishing attack…”
• “List the indicators of compromise (IoCs) we should look for in a ransomware attack…”
• “Generate an external communication template for informing stakeholders about a data breach…”