A Thousand and One Nights - 1,000 Security Prompts to Improve Your Workflow

[Sam Jobes, CISA-CISSP] | April 26, 2026

Looking for ideas on how to use AI to assist with your security workload?

The following is a list of no less than one thousand prompts you can use for various infosec tasks. It is not an exhaustive list, but it is a thoughtful (and rather large) effort to identify prompts you might actually find useful in your day-to-day operations. At a minimum, I hope they will serve as a reference point for your future endeavors…

IMPORTANT - A number of these prompts require placing sensitive information (e.g., from your SIEM logs) into the chat with your AI/LLM. You should only do so if you: a) have a secure connection to your provider, and b) have a verified security/privacy agreement between the AI/LLM provider and your organization (the best-case scenario is to run a private LLM locally).


Adversary Emulation Planning

Crafted for cybersecurity professionals using Generative AI to simulate real-world adversaries in red team exercises, purple teaming, and threat detection validation. These prompts help emulate TTPs from known threat actors, align with MITRE ATT&CK, and plan controlled attack scenarios.

  1. Create an adversary emulation plan for APT29 using MITRE ATT&CK techniques observed in recent campaigns.
  2. Generate a red team simulation based on the LockBit ransomware attack chain including initial access, encryption, and exfiltration.
  3. Develop a step-by-step adversary emulation script that mimics credential dumping using native Windows tools.
  4. Write a simulation outline for a cloud-based attack involving AWS S3 misconfiguration and API key exfiltration.
  5. Generate a purple team exercise plan using TTPs associated with the TA505 threat actor and map to MITRE ATT&CK.
  6. Create a realistic spear-phishing scenario for red team testing that mirrors techniques used by FIN7.
  7. Design an adversary emulation campaign focused on lateral movement using WMI and pass-the-hash.
  8. Simulate a supply chain compromise scenario using techniques seen in the SolarWinds Orion breach.
  9. Generate a simulation that tests defense against web shell deployments and reverse shell communication over HTTPS.
  10. Develop a multi-stage adversary emulation plan involving malware staging, command-and-control, and data exfiltration.
  11. Map each phase of this emulation scenario to MITRE ATT&CK tactics and assign detection objectives for blue team validation.
  12. Create a week-long adversary simulation calendar that escalates in complexity over time for continuous blue team training.
  13. Generate payload commands that simulate attacker behaviors without causing real damage, for red team validation exercises.
  14. Develop a phishing-to-persistence adversary chain using scheduled tasks and malicious LNK files.
  15. Write an emulation plan simulating APT41 activity targeting remote desktop services in hybrid environments.
  16. Design a simulated insider threat scenario using data staging, privilege escalation, and unauthorized access to HR files.
  17. Create an adversary behavior timeline with timestamps and artifacts expected to be seen in EDR and SIEM logs.
  18. Produce a synthetic dataset that reflects adversary behavior across MITRE’s Initial Access, Execution, and Exfiltration tactics.
  19. Design a red team scenario for testing endpoint defenses against fileless malware and LOLBins.
  20. Generate an adversary playbook that uses domain fronting for C2 obfuscation and simulate its impact on network visibility.

AI Hallucination Detection in Security Contexts

Created for AI governance leaders, security architects, red teams, and risk managers using Generative AI to assess and mitigate risks from inaccurate or fabricated AI-generated security outputs, commonly known as AI hallucinations.

  1. Generate a checklist to validate whether GenAI-generated security reports contain any unsupported claims or hallucinated IOCs.
  2. Write a prompt to cross-reference AI-suggested MITRE ATT&CK mappings with verified threat intelligence sources.
  3. Create a validation workflow to detect hallucinated CVEs or fake exploit chains produced by AI summarization tools.
  4. Simulate a scenario where an AI-generated risk assessment falsely attributes a vulnerability to a cloud service.
  5. Generate a security SOP for detecting and correcting AI hallucinations in automatically generated incident reports.
  6. Write a policy draft explaining how to use human-in-the-loop verification when using AI to generate SIEM correlation rules.
  7. Design a hallucination detection prompt to compare AI-created firewall optimization suggestions with actual configuration files.
  8. Create a side-by-side report that contrasts hallucinated IOC artifacts from GenAI with verified entries from MISP.
  9. Generate a checklist to verify AI-generated penetration test summaries against raw scanner outputs (e.g., Nessus, Burp).
  10. Simulate a hallucination scenario where AI suggests a non-existent attack technique in a threat modeling workshop.
  11. Write a GenAI prompt to detect inconsistencies in AI-generated compliance documentation for ISO 27001.
  12. Create a hallucination audit log template for documenting and reporting security hallucinations discovered post-use.
  13. Generate a table comparing hallucinated C2 domains from AI outputs vs. threat intel databases like VirusTotal and AlienVault OTX.
  14. Simulate a GenAI assistant providing fabricated guidance on IAM hardening in AWS and generate the correct remediation.
  15. Write a test case to evaluate hallucination risk in AI-generated phishing simulation emails.
  16. Generate a briefing note to CISOs on AI hallucination risks in GenAI-assisted vulnerability prioritization workflows.
  17. Create a validation protocol for AI-generated playbooks in SOAR platforms to ensure only executable steps are included.
  18. Write a prompt that checks AI-generated threat actor profiles for references to non-existent APT groups or campaigns.
  19. Develop an automated hallucination detection mechanism for LLM-generated code snippets embedded in security runbooks.
  20. Simulate an enterprise risk scenario where AI hallucination leads to a misinformed decision on threat mitigation.

Audit Preparation and Evidence Collection

Tailored for compliance managers, IT auditors, GRC professionals, and cybersecurity leads using Generative AI to streamline audit readiness, documentation, and control evidence gathering for frameworks like ISO 27001, SOC 2, NIST, HIPAA, and PCI DSS.

  1. Generate an audit readiness checklist for ISO 27001 certification including required documents and artifacts.
  2. Create a summary of control evidence required for SOC 2 Type II including change management, access reviews, and incident response logs.
  3. Write a prompt to compile audit evidence for MFA enforcement across VPN, email, and privileged admin consoles.
  4. Generate a documentation tracker template for PCI DSS v4.0 compliance including evidence fields, owners, and due dates.
  5. Create a report showing security training completion logs and user attestation for HIPAA compliance audit.
  6. Write a prompt to extract EDR and SIEM activity logs as audit evidence for system monitoring controls.
  7. Generate a data retention policy summary and link supporting logs for audit submission under GDPR Article 5.
  8. Create an evidence collection prompt that pulls version history and approval records from change management systems (e.g., Jira, ServiceNow).
  9. Write a checklist of encryption controls (at rest and in transit) and generate log evidence samples for auditors.
  10. Generate a prompt to auto-collect screenshots and configurations from firewall, endpoint, and email gateways.
  11. Create a template for attestation of user access reviews, including approver name, timestamp, and system covered.
  12. Write an audit summary for vulnerability management showing patch cycles, open CVEs, and remediation timelines.
  13. Generate a prompt to document third-party risk assessments and vendor security questionnaires as part of ISO 27001 Clause 15 evidence.
  14. Create an automated workflow to gather password policy settings from AD, Okta, and Google Workspace for audit review.
  15. Write a SOC audit support memo summarizing logical access control across cloud platforms with audit log references.
  16. Generate a prompt to pull incident response records, escalation steps, and communications for the last 12 months.
  17. Create a compliance binder template to organize audit documents by control category and include metadata for each artifact.
  18. Write an evidence collection plan that maps internal controls to NIST 800-53 families and identifies log/system owners.
  19. Generate a prompt for exporting data loss prevention (DLP) alerts and resolutions for quarterly audit sampling.
  20. Create a GenAI-assisted prompt to produce a master index of audit artifacts with links to cloud storage, dates, and control IDs.

Blue Team Threat Defense Playbooks

Crafted for cybersecurity professionals using Generative AI to develop and customize detection, prevention, and response strategies. These prompts help blue teams generate defense tactics aligned with real-world threats and MITRE ATT&CK techniques.

  1. Generate a blue team playbook for detecting and mitigating credential dumping via LSASS access.
  2. Create a defense strategy for detecting lateral movement through remote WMI execution and blocking at the host level.
  3. Write a blue team response playbook for detecting and isolating ransomware activity in its encryption stage.
  4. Develop a playbook that triggers alerts when PowerShell logs indicate obfuscated command execution.
  5. Generate a blue team detection plan for credential access attempts via NTLM relay.
  6. Design a playbook for SIEM correlation rules that flag unusual file access patterns in sensitive directories.
  7. Write an incident response playbook for Office document exploitation using macro-enabled files.
  8. Create a blue team playbook to detect scheduled tasks created outside normal business hours.
  9. Generate EDR detection logic for signs of LOLBins abuse like using ‘certutil’ or ‘mshta’ for downloading payloads.
  10. Develop a playbook to automatically respond to DNS tunneling indicators in outbound traffic.
  11. Create a blue team playbook for isolating compromised Azure AD accounts showing impossible travel or MFA abuse.
  12. Generate a playbook for detecting persistence via registry run keys and scripting engine auto-start entries.
  13. Write a cloud-native blue team defense playbook for detecting unauthorized IAM changes and permission escalation.
  14. Design a threat defense playbook for identifying the use of fileless malware across endpoints.
  15. Generate a playbook for detecting password spraying against remote login portals.
  16. Write a defense strategy to respond to SMB brute-force attempts in Windows environments.
  17. Create a playbook that monitors network traffic for encrypted outbound data flows to suspicious geolocations.
  18. Develop a blue team checklist for identifying APT tactics using application-layer protocol abuse.
  19. Generate a workflow to contain endpoints exhibiting Beacon-like behavior from persistent C2 channels.
  20. Write a playbook for hardening defenses against phishing attachment execution and initial access vectors.

Cloud Security Incident Simulation (AWS, Azure, GCP)

Designed for cloud security architects, DevSecOps teams, and SOC professionals using Generative AI to simulate, document, and analyze cloud-based security incidents across Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP).

  1. Simulate an AWS security incident where an IAM user’s access key is leaked and used to exfiltrate S3 data.
  2. Generate an incident response scenario involving Azure misconfigured storage accounts exposing PII to the public internet.
  3. Create a GCP-based incident simulation involving a compromised service account with unrestricted API access.
  4. Write a multi-cloud attack simulation where a threat actor pivots from an Azure VM into AWS via shared credentials.
  5. Simulate an incident where EC2 instances are deployed with unpatched AMIs and exploited for crypto mining.
  6. Generate a scenario where a GCP bucket without proper access controls is indexed and accessed by unauthorized users.
  7. Create a cloud incident narrative involving elevated permissions being granted in Azure Active Directory without approval.
  8. Write an alert simulation for detecting lateral movement between cloud workloads using VPC peering in AWS.
  9. Simulate a cloud-native phishing campaign targeting Azure AD login portals and leading to credential compromise.
  10. Generate a step-by-step response scenario for unauthorized CloudTrail disablement in AWS.
  11. Create an incident drill where AWS Lambda functions are abused to exfiltrate data under the guise of normal business processes.
  12. Simulate the compromise of a GCP Cloud Function used for processing customer support emails via privilege escalation.
  13. Write a prompt to test detection of brute-force login attempts to Azure-hosted applications protected by conditional access.
  14. Generate a red team cloud simulation where IAM roles are chained to escalate privileges in a serverless AWS app.
  15. Develop a training scenario where SOC analysts respond to unauthorized Google Workspace OAuth integrations.
  16. Simulate a misconfigured AWS Security Group allowing open RDP access and resulting in threat actor exploitation.
  17. Create a cloud security incident response report for lateral movement within an Azure Kubernetes cluster.
  18. Write a multi-stage attack scenario targeting GCP IAM bindings and cloud audit logs suppression.
  19. Generate a timeline of events for a data breach caused by a GCP API key leak posted on a public GitHub repository.
  20. Design an incident response drill where Azure Sentinel detects an unusual spike in data egress from an Azure SQL instance.

CVSS Scoring and Justification

Crafted specifically for cybersecurity professionals using Generative AI to assign, explain, and validate Common Vulnerability Scoring System (CVSS) scores. These prompts help interpret vulnerabilities using CVSS v3.1 metrics, assess exploitability, and align scoring with business context.

  1. Calculate the CVSS v3.1 base score for CVE-2023-23415 using the metrics provided, and explain each scoring vector.
  2. Given this vulnerability description, assign a CVSS vector and explain how Attack Vector (AV), Attack Complexity (AC), and Privileges Required (PR) were determined.
  3. Generate a detailed justification for scoring a privilege escalation vulnerability with a CVSS score of 7.8.
  4. Compare the CVSS scores of two vulnerabilities affecting the same system and explain why one is considered more severe.
  5. Analyze this vulnerability in an unauthenticated remote service and generate the full CVSS vector string with reasoning.
  6. Explain the environmental metric scoring for a web vulnerability discovered in a high-criticality e-commerce application.
  7. Generate a CVSS scoring rationale for a denial-of-service vulnerability that affects availability but not confidentiality or integrity.
  8. Evaluate whether this vulnerability qualifies as ‘Low’, ‘Medium’, ‘High’, or ‘Critical’ under CVSS, based on provided exploit details.
  9. Using CVSS v3.1, score a vulnerability in an IoT device that allows remote code execution with user interaction and limited privileges.
  10. Generate a report comparing CVSS base, temporal, and environmental scores for CVE-2022-26134 (Atlassian Confluence RCE).
  11. Summarize the impact of the Scope (S) metric in this CVSS vector and provide examples of scope change in real world scenarios.
  12. Write a training prompt explaining how to score vulnerabilities using CVSS v3.1 for SOC analysts new to vulnerability management.
  13. Generate a vector and score for a vulnerability that requires local access, has a high integrity impact, and no availability impact.
  14. Explain why a vulnerability with a low attack complexity can still have a high CVSS score if confidentiality and integrity impacts are high.
  15. Based on this scan data, assign CVSS scores to each vulnerability and recommend which should be patched within 72 hours.
  16. Create a justification template for reporting CVSS scoring to internal audit teams for quarterly vulnerability reviews.
  17. Review these CVSS vectors and flag any inconsistencies between the stated attack complexity and required privileges.
  18. Generate scoring logic and explanation for a cross-site scripting vulnerability on an internal-only application.
  19. Explain the implications of scoring a vulnerability with a high availability impact in a healthcare setting under HIPAA.
  20. Given a threat actor actively exploiting a CVE in the wild, adjust the temporal metrics and explain the scoring change.

Cyber Risk Assessment Reports

Crafted for cybersecurity professionals using Generative AI to generate structured, accurate, and actionable risk assessments. These prompts help identify vulnerabilities, evaluate business impact, and provide mitigation recommendations aligned with frameworks like ISO 27005, NIST SP 800-30, and FAIR.

  1. Generate a cyber risk assessment report for an e-commerce platform, including threat likelihood, business impact, and mitigation strategy.
  2. Summarize the top 5 cyber risks for a healthcare organization and align them with HIPAA compliance requirements.
  3. Create a cyber risk matrix mapping probability and impact across various attack vectors like phishing, DDoS, and insider threats.
  4. Write a formal cyber risk report that identifies vulnerabilities in a cloud-based CRM and categorizes risks by severity.
  5. Using the NIST SP 800-30 framework, generate a risk assessment for unauthorized access to internal databases.
  6. Generate a FAIR-based financial impact analysis for a ransomware attack targeting an enterprise’s ERP system.
  7. Draft a risk summary highlighting third-party SaaS vendor risks, including access management and data exposure.
  8. Write a cyber risk report for a small business highlighting low-cost mitigation strategies for top risks.
  9. Create a cyber risk register entry for a known CVE in unpatched firewall software, including residual and inherent risk levels.
  10. Summarize the cyber risks of adopting Generative AI tools in a regulated financial environment.
  11. Generate a risk assessment report showing the impact of legacy systems on organizational cybersecurity posture.
  12. Create a board-level summary of cyber risks related to remote work and BYOD policies.
  13. Assess the cyber risks associated with misconfigured IAM roles in a multi-cloud environment.
  14. Draft a comparative risk profile for phishing, credential stuffing, and man-in-the-middle attacks in retail.
  15. Write a quarterly cyber risk trend report using anonymized alert data from a global SOC.
  16. Generate a cyber risk assessment template with fields for threat source, affected assets, existing controls, and residual risk.
  17. Summarize cyber risks of IoT deployments in manufacturing, with recommendations for segmentation and access control.
  18. Create a cyber risk heat map and accompanying report for high-priority business units (e.g., finance, R&D, HR).
  19. Evaluate the risk of shadow IT and recommend policies to control unsanctioned tool usage.
  20. Draft a cyber risk report for regulatory submission, referencing ISO/IEC 27005 and your current risk treatment plan.

Cyber Threat Landscape Updates

Crafted for cybersecurity analysts, threat intelligence teams, CISOs, and red and blue teams using Generative AI to track, summarize, and communicate emerging threat actors, campaigns, vulnerabilities, and geopolitical cyber trends.

  1. Summarize the top five emerging cyber threats reported in the last 30 days from global threat intelligence feeds.
  2. Generate a weekly executive briefing on cyber threat landscape trends involving ransomware, state-sponsored attacks, and new vulnerabilities.
  3. Create a regional cyber threat summary for Europe, focusing on activity from Russian APT groups targeting critical infrastructure.
  4. Write a threat landscape update highlighting the misuse of generative AI tools for phishing, deepfakes, and social engineering.
  5. Generate a prompt to extract key IOCs from the latest CISA, NCSC, and ENISA threat bulletins for April 2026.
  6. Write a red team planning brief based on current TTPs used in recent campaigns attributed to APT29 and Volt Typhoon.
  7. Create a monthly cyber threat landscape scorecard showing threat volume, sector targeting, and severity ratings.
  8. Generate a narrative on the evolving threat from Chinese state-sponsored cyber-espionage focused on telecom and semiconductor firms.
  9. Write a cybersecurity risk update based on geopolitical tensions, highlighting cyber impacts in energy, logistics, and government sectors.
  10. Create a summary of new CVEs and their real-world exploitation observed in recent threat actor operations.
  11. Generate a cross-sectoral threat landscape snapshot including ransomware trends, hacktivism, and insider threat indicators.
  12. Write a daily threat intel update for SOC teams based on feeds from Mandiant, Recorded Future, and Anomali.
  13. Create a cyber landscape forecast predicting threat vectors likely to impact financial services in Q2 2026.
  14. Generate a cloud-specific cyber threat bulletin focused on misconfigured APIs, IAM abuse, and SaaS-targeted malware.
  15. Write a summary correlating MITRE ATT&CK techniques used in recent attacks against healthcare organizations.
  16. Generate a strategic update for executive leadership on the threat posed by North Korean cyber operations targeting crypto exchanges.
  17. Create a narrative for an internal newsletter summarizing the month’s top five phishing kits and their distribution vectors.
  18. Write a cyber threat update mapping recent DDoS campaigns to politically motivated groups and global events.
  19. Generate a dashboard-ready narrative summarizing recent threats exploiting Microsoft, Cisco, and VMware zero-days.
  20. Create a comparative report of the 2026 cyber threat landscape against 2025 trends to highlight escalation patterns.

Cybersecurity Budget Justification Prompts

Designed for CISOs, security program managers, finance liaisons, and GRC leads using Generative AI to articulate, defend, and prioritize cybersecurity investments through data-driven justifications and strategic alignment narratives.

  1. Generate a cybersecurity budget justification memo for increasing SOC analyst headcount based on current alert volumes and MTTR metrics.
  2. Create a business case for investing in a next-gen SIEM, highlighting limitations of the current system and ROI in detection coverage.
  3. Write an executive briefing note justifying budget for Zero Trust implementation across identity, network, and device layers.
  4. Generate a comparison summary showing risk reduction from past investments in EDR and the value of expanding coverage to all endpoints.
  5. Create a cost-benefit analysis of upgrading legacy VPN systems to secure access service edge (SASE) platforms.
  6. Write a justification document for a $500k investment in ransomware preparedness, including tabletop exercises, immutable backups, and IR tooling.
  7. Generate a budget proposal for cloud security tools tailored to multi-cloud environments, including CSPM and CIEM platforms.
  8. Create a justification report for renewing third-party risk management software with improved vendor scoring and automation.
  9. Write a justification email to the CFO explaining why DLP tools are necessary for preventing insider data leaks in hybrid work environments.
  10. Generate a board-level cybersecurity funding presentation linking requested investments to risk appetite, compliance gaps, and threat trends.
  11. Write a justification memo comparing MSSP vs. internal SOC staffing expansion to improve after-hours threat response.
  12. Create a budget proposal justifying increased phishing simulation and awareness training programs.
  13. Generate a prompt to produce a cost avoidance analysis based on potential regulatory fines prevented by data protection investments.
  14. Write a budget justification narrative for investing in threat intelligence feeds and enrichment tools.
  15. Generate a prompt to calculate ROI from reduced incident response times after SOAR platform deployment.
  16. Create a funding request for cybersecurity insurance premiums tied to risk modeling and control maturity levels.
  17. Write a quarterly justification for sustained vulnerability management budget based on open CVE remediation metrics.
  18. Generate a CAPEX vs. OPEX breakdown for security monitoring services and infrastructure modernization.
  19. Create a prompt to develop a cybersecurity budget proposal aligned to NIST CSF or ISO 27001 control domains.
  20. Write a multi-year cybersecurity investment roadmap and its justification tied to organizational digital transformation goals.

Data Loss Prevention (DLP) Scenario Generation

Tailored for cybersecurity experts, compliance leads, and SOC engineers using Generative AI to design realistic DLP use cases, detection scenarios, incident simulations, and policy validation exercises.

  1. Generate a DLP scenario involving an employee attempting to email confidential financial reports to their personal Gmail account.
  2. Create a DLP policy testing scenario where a user uploads customer PII to an unauthorized cloud storage platform.
  3. Simulate a DLP violation where sensitive design blueprints are copied to an unencrypted USB drive.
  4. Write a scenario where DLP detects credit card numbers in a spreadsheet attached to an outbound email.
  5. Generate a scenario where a marketing employee tries to share internal documents with an external vendor via Slack.
  6. Create a DLP policy validation use case for detecting accidental internal emails with unmasked Social Security numbers.
  7. Simulate insider data leakage via printing of confidential HR documents from a workstation.
  8. Design a DLP use case where an executive shares sensitive M&A details using a personal Dropbox account.
  9. Write a scenario for testing endpoint DLP rules related to screenshots of classified information.
  10. Generate a simulated incident involving bulk download of sensitive files prior to employee offboarding.
  11. Create a scenario where DLP flags an attempt to post source code to GitHub from a corporate laptop.
  12. Simulate a violation where internal pricing data is shared in plaintext via messaging apps like WhatsApp or Teams.
  13. Draft a scenario where DLP prevents data exfiltration via use of base64-encoded attachments in outbound traffic.
  14. Write a test scenario where a DLP agent must detect and block PII sent through HTTP form submissions.
  15. Create a multi-step DLP alert simulation showing a user compressing sensitive files and transferring them over FTP.
  16. Generate a risk-based scenario where a privileged user exfiltrates data using command-line utilities.
  17. Simulate a cloud DLP scenario involving copying sensitive documents from Google Drive to a personal OneDrive account.
  18. Write a training scenario where DLP alerts are generated by misconfigured OCR recognition of scanned legal contracts.
  19. Generate a red team simulation prompt to test how DLP policies respond to data obfuscation techniques like hex encoding.
  20. Create a post-incident analysis scenario of a successful DLP policy enforcement, including timeline and mitigation steps.

DevSecOps Automation Use Cases

Tailored for security engineers, DevOps architects, CI/CD pipeline owners, and compliance teams using Generative AI to enable security-as-code, automated policy enforcement, and secure software delivery across DevSecOps environments.

  1. Generate an automation use case where code is scanned for secrets and API keys before being merged into the main branch.
  2. Create a CI/CD pipeline integration that triggers SAST and DAST scans automatically on each pull request.
  3. Write a use case for automating dependency vulnerability checks using tools like Snyk or OWASP Dependency-Check.
  4. Generate a prompt to document automated compliance checks against CIS Benchmarks for containerized workloads.
  5. Create an automation flow that blocks deployment if container images do not pass security policies defined in OPA or Kyverno.
  6. Write a GenAI-assisted use case where cloud misconfigurations are identified and auto-remediated via Terraform scripts.
  7. Generate a Jenkins pipeline extension that runs infrastructure-as-code (IaC) scans before provisioning cloud resources.
  8. Create a use case for integrating GitHub Actions with security gates for code signing and artifact integrity.
  9. Write an automation workflow for rotating secrets and credentials in GitLab CI/CD pipelines using HashiCorp Vault.
  10. Generate a use case where policy-as-code is enforced through automated PR reviews in Git repositories.
  11. Create an alerting workflow where security issues in Dockerfiles are flagged via Slack or Teams notifications.
  12. Write a prompt for auto-generating security baselines for Kubernetes workloads using automated CIS scans.
  13. Generate a use case that automatically tags and quarantines non-compliant infrastructure during CI/CD builds.
  14. Create a use case where a GenAI agent summarizes IaC scan results and provides pull request comments with mitigation advice.
  15. Write a scenario where automated SBOM (Software Bill of Materials) generation is enforced as part of the pipeline.
  16. Generate a use case to enforce secure coding practices via auto-linting and AI-assisted code suggestions.
  17. Create a DevSecOps flow that integrates threat modeling and abuse case generation during agile sprint planning.
  18. Write a prompt to simulate pre-deployment risk scoring of applications using combined code and cloud posture analysis.
  19. Generate an end-to-end DevSecOps dashboard that tracks security gates, failed policies, and remediation SLAs.
  20. Create a blueprint for integrating GenAI with GitOps to enforce security guardrails during continuous delivery.

Digital Forensics Summary Prompts

Crafted for incident responders, forensic analysts, and SOC teams using Generative AI to create accurate, case-based digital forensics summaries from logs, disk images, memory dumps, and investigation reports. These prompts support both internal response and legal evidence documentation.

  1. Generate a summary of forensic findings from a Windows host infected with ransomware, including encryption timeline and artifacts.
  2. Create a digital forensics report summarizing browser history, download activity, and suspicious plug-ins from a compromised system.
  3. Write a summary of email header forensics in a phishing case, identifying spoofed domains and malicious links.
  4. Generate a timeline of lateral movement using host logs, MFT (Master File Table), and Sysmon telemetry.
  5. Summarize memory dump analysis revealing injected processes, persistence mechanisms, and unlinked DLLs.
  6. Create a forensics summary of USB device activity from registry keys and event logs for insider data theft investigation.
  7. Write a concise narrative of deleted file recovery and metadata analysis from a Linux disk image.
  8. Generate a forensics report detailing malware execution path from browser exploit to PowerShell persistence.
  9. Create a summary of forensic evidence supporting credential harvesting via keylogger or clipboard capture malware.
  10. Write a forensic reconstruction of exfiltration activity using proxy logs, netflow data, and command history.
  11. Generate a prompt to summarize NTFS $LogFile and $USN Journal findings from a breached endpoint.
  12. Create a high-level summary of forensic triage from a corporate laptop seized during a suspected insider threat case.
  13. Write a GenAI-assisted timeline of key user actions leading up to and after a ransomware detonation.
  14. Generate a forensics summary from forensic image carving showing hidden or obfuscated files.
  15. Write a case-based summary of forensic results from compromised IoT or OT devices in a manufacturing plant.
  16. Create a prompt for summarizing artifacts from volatile memory, highlighting C2 communications and shellcode execution.
  17. Write a report comparing MD5/SHA256 file hash mismatches across baseline vs. compromised system images.
  18. Generate a digital forensics narrative aligning collected evidence with MITRE ATT&CK stages of the attacker lifecycle.
  19. Create a courtroom-ready forensics summary with chain of custody, evidence description, and integrity checks.
  20. Write a summary of key findings from mobile device forensics, including app usage, GPS data, and deleted messages.

DNS Anomaly Detection

Tailored for SOC analysts, network defenders, and detection engineers using Generative AI to monitor, investigate, and generate detection logic around Domain Name System (DNS) misuse, including tunneling, C2 communication, and beaconing behaviors.

  1. Analyze this DNS query log and generate a summary of domains exhibiting high entropy indicative of DNS tunneling.
  2. Create a detection rule to flag repetitive TXT record lookups from a single endpoint over a short period.
  3. Write a summary of beaconing behavior seen in DNS logs, including regular query intervals and dynamic subdomain usage.
  4. Simulate a scenario where a compromised host uses DNS A records for covert data exfiltration.
  5. Generate a detection alert for DNS requests using unusually long or base64-encoded subdomain strings.
  6. Write a SIEM correlation rule to identify outbound DNS traffic patterns linked to known C2 domains.
  7. Summarize anomalies in DNS traffic volume per host compared to baselined behavior and working hours.
  8. Generate a prompt for identifying DNS queries to dynamic DGA (domain generation algorithm)-based domains.
  9. Simulate a threat scenario where malware avoids detection by using DNS over HTTPS (DoH) for callback communications.
  10. Create a detection playbook that monitors failed DNS lookups for newly registered domains.
  11. Generate an alert when a non-DNS server IP address suddenly starts resolving external domains.
  12. Summarize potential exfiltration attempts through successive DNS TXT record usage.
  13. Write a SOC playbook entry for investigating DNS anomalies from cloud-hosted endpoints.
  14. Create a network heat map visualization prompt that plots frequency of DNS queries by TLD (e.g., .xyz, .tk, .info).
  15. Generate a prompt to identify DNS queries with high variance in domain names queried by a single host.
  16. Write a detection rule for burst DNS activity followed by periods of silence, a pattern often linked to malware beacons.
  17. Simulate DNS log analysis that reveals non-existent domain (NXDOMAIN) responses from known C2 infrastructure.
  18. Draft a DNS anomaly report for outbound queries to parked or sinkholed domains by internal workstations.
  19. Generate a forensic summary of DNS anomalies observed before, during, and after a known data breach event.
  20. Create an automated GenAI prompt for detecting suspicious domains queried shortly after phishing email delivery.

EDR Log Interpretation

Tailored for cybersecurity professionals using Generative AI to automate the interpretation, correlation, and summarization of Endpoint Detection and Response (EDR) logs. These prompts are applicable to tools like CrowdStrike Falcon, Microsoft Defender for Endpoint, SentinelOne, and Carbon Black.

  1. Analyze the EDR logs from endpoint WIN-332 and summarize any suspicious process activity, including parent-child relationships.
  2. Review these EDR telemetry logs and identify signs of credential dumping, DLL injection, or process hollowing.
  3. Interpret this sequence of endpoint events and determine if it aligns with MITRE ATT&CK technique T1059 (Command and Scripting Interpreter).
  4. Summarize behavioral anomalies observed in this EDR session, including lateral movement attempts or privilege escalation.
  5. Correlate PowerShell executions in this EDR dataset with any known attacker TTPs or threat actor profiles.
  6. Extract and summarize fileless malware activity from the following EDR telemetry collected over a 2-hour window.
  7. Interpret the following EDR log entries and detect any indicators of ransomware behavior, including file renaming and mass encryption.
  8. Analyze suspicious persistence mechanisms detected in this EDR data and provide containment recommendations.
  9. Generate a forensic summary of this endpoint activity, focusing on abnormal registry modifications and system configurations.
  10. Review process injection attempts from the EDR logs and suggest next steps for incident triage.
  11. Given these raw EDR logs, identify any suspicious parent-child process trees indicative of LOLBins usage.
  12. Summarize EDR alerts from a group of hosts and group them by similar attack patterns or exploited techniques.
  13. Analyze endpoint behavior and determine if this is indicative of an initial access vector like phishing or removable media.
  14. Extract all anomalous command-line executions from the provided logs and match them to potential ATT&CK techniques.
  15. Interpret Defender for Endpoint logs showing token impersonation activity and recommend mitigation.
  16. Summarize evidence of potential rootkit installation attempts found in the following kernel-level EDR telemetry.
  17. Analyze outbound network connections initiated from endpoints as seen in EDR logs and flag any beaconing behavior.
  18. Generate a detection summary from EDR logs that identifies malware staging behavior or dropper activity.
  19. Given a series of file access logs from EDR, determine if there is unauthorized access to sensitive or restricted directories.
  20. Create a timeline of suspicious endpoint events from EDR logs, including timestamps, user activity, and impact scope.

Executive Cybersecurity Briefs

Tailored for CISOs, security program managers, and cyber risk advisors using Generative AI to create clear, concise, and impactful cybersecurity reports and summaries for executive leadership. These prompts focus on business risk, security posture, regulatory impact, and strategic recommendations.

  1. Generate a one-page executive summary outlining recent cyber incidents and their business impact across departments.
  2. Write a quarterly cybersecurity risk briefing for the board, including emerging threats, mitigation progress, and risk posture trends.
  3. Create a slide deck brief that communicates the value of recent SIEM and SOAR investments to non-technical executives.
  4. Generate a CISO briefing note summarizing current threat landscape shifts and key recommendations for Q2.
  5. Write a summary comparing actual SOC KPIs (MTTD, MTTR, alert volume) to quarterly benchmarks and goals.
  6. Create a high-level report for executives outlining top risks related to third-party vendors and cloud data exposure.
  7. Draft a business case brief supporting additional cybersecurity budget for endpoint detection and response tooling.
  8. Generate an executive-friendly briefing on Zero Trust implementation status, business benefits, and compliance alignment.
  9. Summarize a ransomware incident’s impact on operations, customer trust, and revenue for executive presentation.
  10. Create an executive report summarizing vulnerability management KPIs and patch compliance metrics.
  11. Write a cybersecurity posture overview including coverage maps for NIST CSF domains and residual risks.
  12. Generate a one-slide talking point for the CEO to summarize how the organization handled a recent cyber drill.
  13. Write a strategic recommendation memo to the CIO outlining necessary identity and access management improvements.
  14. Create an executive brief on the business implications of upcoming data privacy regulations (e.g., DPDPA, GDPR updates).
  15. Summarize incident trends from the past six months and highlight key themes for quarterly CISO reporting.
  16. Generate a security maturity scorecard across governance, detection, response, and awareness pillars.
  17. Write a plain-language summary explaining the importance of threat hunting activities to a non-technical executive.
  18. Create an executive-level comparison of recent cyber insurance claim scenarios and current policy gaps.
  19. Generate a briefing note on GenAI risks and controls for board-level cybersecurity strategy discussion.
  20. Draft a one-page executive cybersecurity health check summary including program highlights, gaps, and next steps.

Firewall Rule Optimization Prompts

Created for network security engineers, SOC analysts, and compliance teams using Generative AI to review, streamline, and validate firewall rule sets across on-premise and cloud environments. These prompts help in reducing risk, enhancing performance, and aligning with security policies.

  1. Analyze this firewall rule set and identify unused or shadowed rules that can be safely removed.
  2. Generate a report summarizing overly permissive firewall rules that violate least privilege principles.
  3. Write a prompt to suggest segmentation improvements based on current firewall rules between internal subnets.
  4. Summarize risky ‘any-any’ firewall rules and recommend granular replacements based on traffic analysis.
  5. Create a cleanup plan for a legacy firewall configuration with redundant rules and deprecated IP ranges.
  6. Generate optimized firewall rules for a DMZ hosting web, app, and database servers, ensuring layered access control.
  7. Review this rule allowing SSH from all IPs and recommend a secure alternative using jump hosts and whitelisting.
  8. Simulate a misconfiguration scenario where duplicate NAT rules interfere with application routing.
  9. Analyze firewall logs and generate rule suggestions to block repeated port scanning attempts from external sources.
  10. Generate a checklist for quarterly firewall rule audits including policy review, hit count analysis, and compliance mapping.
  11. Write a prompt to verify whether current outbound firewall rules prevent data exfiltration over non-standard ports.
  12. Design rule logic for segmenting access between finance and R&D departments while allowing IT monitoring.
  13. Review a flat network firewall rule base and generate a micro-segmentation enforcement strategy.
  14. Create a matrix of firewall rules and map each one to associated business applications and owners.
  15. Generate a compliance-focused review of firewall rules in relation to PCI DSS Requirement 1.
  16. Simulate a rule conflict scenario in a next-gen firewall and provide a resolution strategy to avoid application outages.
  17. Create a policy-based firewall ruleset for a cloud-native environment using tags and identity-based access.
  18. Generate a prompt to monitor expired rule exceptions and alert stakeholders for renewal or removal.
  19. Write a prompt to summarize all rules that allow unrestricted outbound internet access and recommend remediation.
  20. Design a firewall rule optimization playbook with steps for rule ranking, consolidation, and exception tracking.

GenAI Security Risk Modeling and Governance

Tailored for CISOs, AI ethics officers, GRC leaders, and technical security teams using Generative AI to support risk modeling, policy formation, and secure AI deployment practices aligned with frameworks like ISO/IEC 42001, NIST AI RMF, and the EU AI Act.

  1. Generate a security risk model for GenAI systems used in financial services, including risk sources, controls, and residual risk.
  2. Create a governance framework outline for responsible GenAI use in cybersecurity automation tools.
  3. Write a threat modeling prompt for GenAI pipelines exposed to prompt injection, data poisoning, and model inversion attacks.
  4. Generate a GenAI-specific risk register with likelihood, impact, and control maturity for 10 known security concerns.
  5. Create a risk treatment plan addressing over-permissive access, model drift, and unmonitored API usage in GenAI deployments.
  6. Write a governance policy section for auditing and logging AI system interactions within security-critical environments.
  7. Generate a compliance alignment matrix mapping GenAI use cases to ISO/IEC 42001 clauses and required safeguards.
  8. Create a prompt to evaluate the ethical and security implications of using GenAI in customer-facing chatbots.
  9. Write a scenario analysis for potential misuse of GenAI in insider threat contexts and recommended mitigations.
  10. Generate a GenAI risk scoring model that factors data sensitivity, access vectors, human oversight, and model transparency.
  11. Create a security policy update incorporating GenAI into secure software development lifecycle (SDLC) processes.
  12. Write a prompt that simulates a risk governance board review of a GenAI deployment in regulatory environments.
  13. Generate a use case risk checklist for fine-tuned GenAI models trained on internal customer service logs.
  14. Create a prompt to assess the need for role-based access control in prompt management and model output review.
  15. Write a risk governance summary comparing open-source GenAI model risks versus proprietary hosted alternatives.
  16. Generate a model usage policy requiring human-in-the-loop verification for critical security decisions proposed by GenAI.
  17. Create a risk analysis table evaluating GenAI usage in threat detection versus risks of false positives and hallucinations.
  18. Write a governance communication plan to educate staff on risks, restrictions, and escalation paths related to GenAI use.
  19. Generate a quarterly GenAI risk review board report summarizing incidents, new use cases, and control enhancements.
  20. Create a policy enforcement playbook ensuring secure prompts, output validation, and risk tagging for GenAI-generated content.

GenAI-Powered Compliance Gap Checks

Tailored for GRC professionals, auditors, compliance officers, and security architects using Generative AI to identify, summarize, and track compliance control gaps across regulations like ISO 27001, NIST, SOC 2, HIPAA, PCI DSS, and emerging AI governance standards.

  1. Generate a compliance gap checklist by comparing implemented controls against ISO/IEC 27001 Annex A requirements.
  2. Create a GenAI-assisted summary identifying missing HIPAA Security Rule controls for a mid-sized healthcare provider.
  3. Write a NIST SP 800-53 gap report that highlights partially implemented controls, control owners, and remediation plans.
  4. Generate a SOC 2 readiness report identifying control gaps across Security, Availability, and Confidentiality Trust Criteria.
  5. Create a crosswalk prompt mapping implemented technical controls to GDPR Article 32 and flagging missing safeguards.
  6. Write a compliance scorecard showing percentage of PCI DSS v4.0 control coverage by business unit.
  7. Generate a compliance matrix comparing evidence artifacts available versus those required for a successful ISO 27001 audit.
  8. Create a prompt to detect inconsistencies between documented policies and actual system configurations.
  9. Write a report summarizing AI system compliance gaps with ISO/IEC 42001 (AI management system standard).
  10. Generate a visual gap analysis using color-coded categories: compliant, partial, not implemented, and unknown.
  11. Create a prompt to extract and compare endpoint security configurations against NIST CSF ‘Protect’ function requirements.
  12. Write a gap analysis memo identifying discrepancies in MFA deployment versus policy requirements across departments.
  13. Generate a template to track open compliance gaps, responsible teams, remediation deadlines, and risk scores.
  14. Create a quarterly compliance audit readiness summary based on automated GenAI checks across control domains.
  15. Write a GenAI-powered checklist for identifying missing controls in DevOps pipelines under SOC 2 compliance.
  16. Generate a GDPR compliance check report focused on data minimization, retention, and access controls.
  17. Create a prompt to compare vendor-provided attestation documents against required clauses in ISO 27001 A.15.
  18. Write a compliance dashboard update summarizing control maturity improvements and remaining high-risk gaps.
  19. Generate a GenAI-enhanced questionnaire to identify privacy control gaps under CCPA and CPRA.
  20. Create a compliance remediation roadmap prioritized by regulatory risk exposure and audit impact.

Identity and Access Management (IAM) Prompts

Specifically designed for cybersecurity architects, SOC teams, auditors, and IAM administrators using Generative AI to assess, simulate, document, and improve IAM processes, controls, and detection logic.

  1. Generate an access control matrix for a SaaS platform showing user roles, privileges, and associated business functions.
  2. Create a scenario where IAM policies fail to prevent privilege escalation due to misconfigured roles in AWS.
  3. Simulate an audit request response documenting how least privilege is enforced across user groups and service accounts.
  4. Write a prompt that tests conditional access policies for blocking legacy authentication protocols.
  5. Draft a role-based access control (RBAC) design for a multi-department organization with finance, HR, and IT teams.
  6. Generate a test scenario for overprivileged Azure AD guest accounts with expired access requests.
  7. Create an IAM policy review checklist for quarterly governance audits in compliance with ISO 27001 A.9.
  8. Write a summary report of detected anomalies in identity usage patterns, including impossible travel and location mismatches.
  9. Simulate a password spraying detection scenario with IAM logs showing failed login attempts across multiple endpoints.
  10. Generate a user onboarding and offboarding checklist with IAM integration for HR and IT workflows.
  11. Create a JSON representation of IAM permissions for a cloud storage bucket, then highlight violations of least privilege.
  12. Write an identity federation simulation using SAML/SSO across three SaaS vendors and explain the security trade-offs.
  13. Draft an IAM audit report detailing inactive user accounts, orphaned credentials, and access review findings.
  14. Generate a simulation of compromised credentials being used across multiple cloud tenants with audit log correlation.
  15. Design IAM policies for a DevOps environment using ephemeral access and just-in-time (JIT) permissions.
  16. Write a prompt to simulate detection of privilege creep over a six-month user access change history.
  17. Create an IAM hardening guide for securing service accounts with non-expiring credentials in legacy systems.
  18. Generate a SOC alert playbook for real-time IAM alerts such as account lockouts, access revocations, and privilege elevation.
  19. Write a training prompt explaining MFA fatigue attacks and how IAM systems can detect and block them.
  20. Produce a quarterly IAM compliance dashboard summarizing user reviews, policy exceptions, and risk ratings.

Incident Response Reporting

Tailored for cybersecurity professionals leveraging Generative AI to automate, standardize, and accelerate the creation of incident reports based on frameworks such as NIST 800-61, MITRE ATT&CK, ISO/IEC 27035, and internal SOC standards.

  1. Generate a NIST 800-61 formatted incident report for a phishing attack targeting finance department users. Include detection, containment, and lessons learned.
  2. Summarize the full lifecycle of this malware infection incident, from initial access to remediation, and provide visual timeline markers.
  3. Draft a formal incident report for an Azure AD login anomaly detected from a high-risk geolocation, including risk rating and TTPs used.
  4. Create an executive summary of this security incident suitable for board-level reporting. Focus on business impact and containment actions.
  5. Generate a compliance-ready report for a GDPR-relevant data breach involving unauthorized access to customer records.
  6. Write an incident report for a ransomware event, highlighting initial vector, affected assets, encryption timeline, and response actions.
  7. Summarize this brute-force attack report with sections for Indicators of Compromise (IOCs), detection timeline, and remediation steps.
  8. Draft an incident escalation report for internal legal and compliance teams regarding unauthorized database queries by an insider.
  9. Produce an incident report template that includes sections for attack classification, scope, incident handler names, and next steps.
  10. Generate a detailed post-incident analysis for a zero-day exploit affecting remote access software across multiple endpoints.
  11. Write a one-page incident summary for use in internal awareness training, based on this phishing attack incident.
  12. Document a failed cyber attack attempt involving spear-phishing and describe why it failed, focusing on defenses that worked.
  13. Generate a PDF-style incident report that integrates MITRE ATT&CK technique mappings and SOC response workflow references.
  14. Create an audit-ready narrative for a multi-vector attack involving phishing, credential theft, and lateral movement.
  15. Draft a follow-up report for an incident closed after 48 hours, summarizing the timeline and threat eradication confirmation.
  16. Write a retrospective incident report analyzing the gaps in alert detection and how they delayed the response.
  17. Generate a SOC analyst summary after responding to this critical alert involving unauthorized PowerShell execution and persistence.
  18. Summarize this cloud API key leakage incident, including attack vector, remediation, and steps to prevent recurrence.
  19. Write a redacted incident report version that can be safely shared with third-party stakeholders without exposing internal vulnerabilities.
  20. Generate a weekly incident report overview highlighting top incidents by category, severity, and affected business units.

Insider Threat Simulation

Crafted for cybersecurity teams, red teamers, and GRC professionals using Generative AI to simulate, detect, and analyze insider threat behaviors, including accidental data exposure, malicious actors, and policy violations from trusted users.

  1. Simulate a scenario where a departing employee downloads sensitive customer data shortly before resignation.
  2. Generate a timeline of events for an insider threat involving the misuse of privileged access to view executive emails.
  3. Create an insider threat use case where an HR team member accidentally sends unencrypted PII to a third-party vendor.
  4. Design a red team simulation prompt to test DLP and SIEM effectiveness against insider file uploads to Dropbox.
  5. Write a scenario involving a compromised employee account used to access source code repositories after hours.
  6. Generate a behavior-based alert simulation for an insider gradually escalating access permissions using ticket requests.
  7. Simulate a malicious insider threat where sensitive financial reports are exfiltrated using a steganography technique.
  8. Create a use case where an intern shares internal product documents via Google Drive links without access restrictions.
  9. Write a scenario in which a trusted third-party contractor accesses unauthorized project data in violation of NDA terms.
  10. Generate a SOC alert simulation for printing large volumes of HR files and accessing them outside business hours.
  11. Simulate a detection scenario where unusual access to marketing campaign data is detected during a competitor job search.
  12. Create a training prompt to explain how behavioral analytics can identify anomalous data access by insiders.
  13. Write a post-incident report for an insider threat event involving shared credentials and data deletion.
  14. Develop a simulation where disgruntled staff deletes configuration files and attempts to disable monitoring agents.
  15. Generate an insider threat scenario where access to M&A files triggers a chain of alerts across EDR, DLP, and IAM systems.
  16. Simulate a scenario where cloud storage logs show abnormal download activity from a low-risk department user.
  17. Create a phishing response simulation where the insider unknowingly installs spyware that later extracts customer records.
  18. Write a quarterly insider threat assessment summary including categories like careless, malicious, and collusive actors.
  19. Design a cross-department simulation to identify collaboration abuse where internal documents are intentionally leaked.
  20. Generate a use case showing how GenAI tools can help correlate behavioral, access, and anomaly logs for insider threat detection.

IOC Extraction and Formatting

Designed for cybersecurity professionals using Generative AI to extract, classify, format, and normalize Indicators of Compromise (IOCs) from logs, reports, alerts, and threat intelligence documents. These prompts support the creation of structured IOC feeds that can be integrated into SIEMs, TIPs, and EDR platforms.

  1. Extract all IP addresses, domain names, file hashes, and email addresses from this incident report and organize them into a structured IOC table.
  2. Parse this EDR alert and extract all relevant IOCs including processes, registry keys, and dropped file names.
  3. From this threat intel PDF, extract indicators and classify them as IP, domain, URL, hash, or file path.
  4. Summarize all IOCs from this SIEM log sample and present them in STIX/TAXII-compatible JSON format.
  5. Given this email header and body, extract phishing-related IOCs and categorize them by IOC type and risk level.
  6. Generate a CSV file from this text dump containing IOCs with columns for Type, Value, Source, and Confidence Score.
  7. Convert these unstructured IOCs into a standardized MISP format with appropriate tags and timestamps.
  8. Extract all file hashes and their associated filenames from these sandbox execution logs and normalize them using SHA-256 format.
  9. From this web proxy log, extract malicious URLs and group them by destination domain and path.
  10. Identify all IOCs from this JSON alert feed and remove duplicates before exporting into IOC feed format.
  11. Extract and format IOCs from a Slack conversation related to a suspected breach. Include time of mention and user role if possible.
  12. Summarize the IOCs from this endpoint alert and present them in a table with MITRE ATT&CK mappings.
  13. Normalize the extracted IOCs into Splunk lookup file format and include source confidence ratings.
  14. Create a YAML block with formatted IOCs for ingestion into Palo Alto Cortex XSOAR.
  15. Given this threat actor dossier, extract all historically used IOCs and organize them chronologically.
  16. Generate a markdown IOC summary from this MISP threat feed update for analyst briefings.
  17. Format these indicators for integration into Suricata IDS rule sets, including correct syntax for domains and IPs.
  18. Extract IOCs from these log files, tag them with detection context (e.g., lateral movement, exfiltration), and export to CSV.
  19. Build a table that separates active vs. historical IOCs based on this threat campaign report.
  20. Review these virus scan reports and extract suspicious filenames and registry entries. Format the output for use in EDR IOC enrichment.

ISO 27001 and NIST Compliance Documentation

Created for cybersecurity and governance professionals using Generative AI to develop, audit, and manage compliance documentation aligned with ISO/IEC 27001, NIST SP 800-53, NIST CSF, and related standards. These prompts are ideal for drafting evidence documents, control narratives, audit-ready summaries, and crosswalks.

  1. Generate a control implementation narrative for ISO/IEC 27001 Annex A.9.1 (Access Control Policy) with supporting evidence examples.
  2. Create a compliance checklist mapping NIST SP 800-53 controls to implemented security measures in a hybrid cloud environment.
  3. Draft an audit summary report outlining compliance status across ISO 27001 Annex A domains for an annual internal review.
  4. Generate evidence documentation showing adherence to ISO 27001 A.12.6.1 (Technical Vulnerability Management).
  5. Write a NIST SP 800-53 control justification document for AC-2 (Account Management) including system-specific procedures.
  6. Create a crosswalk matrix mapping ISO/IEC 27001 controls to NIST Cybersecurity Framework (CSF) categories.
  7. Draft a Statement of Applicability (SoA) template for ISO 27001 showing selected, excluded, and partially implemented controls.
  8. Generate a NIST-based Plan of Action and Milestones (POA&M) for gaps found during a security assessment.
  9. Write a data protection impact assessment (DPIA) aligned with ISO 27001 and NIST Privacy Framework requirements.
  10. Create an internal audit template for ISO 27001 that includes control objectives, evidence fields, and compliance scores.
  11. Summarize the organization’s alignment with NIST CSF ‘Protect’ function and recommend enhancements.
  12. Generate a corrective action plan for partial compliance with ISO 27001 A.11.2.1 (Physical Entry Controls).
  13. Write a control effectiveness narrative for NIST SI-4 (System Monitoring) with real-world implementation examples.
  14. Develop a quarterly compliance dashboard report using ISO 27001 clauses as reporting categories.
  15. Create a policy compliance mapping document showing how existing policies address ISO 27001 Annex A controls.
  16. Generate a training log and evidence summary for ISO 27001 Clause 7.2 (Competence).
  17. Write a readiness assessment report for a company preparing for ISO 27001 certification.
  18. Generate a risk treatment plan aligned with ISO/IEC 27005 and map it to ISO 27001 A.6.1.3.
  19. Create a documentation package for NIST control AU-6 (Audit Review, Analysis, and Reporting) with procedures and tools used.
  20. Summarize internal controls and policies that support compliance with NIST IR 8183 (Cybersecurity Framework Manufacturing Profile).

Kubernetes Security Scenarios

Crafted for cloud security engineers, DevSecOps teams, and infrastructure specialists using Generative AI to simulate, detect, and secure Kubernetes (K8s) clusters against misconfigurations, runtime threats, and supply chain attacks.

  1. Simulate a Kubernetes incident where a misconfigured pod allows privilege escalation and hostPath access to the underlying node.
  2. Generate a threat scenario involving unauthorized access to the Kubernetes dashboard due to lack of RBAC restrictions.
  3. Create a simulation where a compromised container escapes its namespace and impacts other workloads in the same cluster.
  4. Write a scenario where Kubernetes audit logs reveal repeated failed access attempts to a secret volume mount.
  5. Generate a runtime attack simulation where a pod pulls a malicious container image from an untrusted registry.
  6. Simulate an insider threat where a developer applies a Kubernetes manifest that includes a backdoored init container.
  7. Create a detection rule simulation for identifying containers executing base64-encoded commands or reverse shells.
  8. Write a prompt for simulating data exfiltration from Kubernetes via a misconfigured LoadBalancer service.
  9. Design a scenario where Kubernetes secrets are mounted in plaintext and accessed by a compromised sidecar container.
  10. Generate a misconfiguration case study where cluster-wide network policies are not enforced, allowing unrestricted east-west traffic.
  11. Simulate an attack chain beginning with compromised Helm chart dependencies leading to container compromise.
  12. Write a scenario where attackers exploit insecure kubelet ports to access sensitive container metrics and logs.
  13. Create a forensic investigation prompt for analyzing anomalous activity in a failed pod crashloop scenario.
  14. Generate a prompt simulating the abuse of Kubernetes admission controllers to inject malicious policies.
  15. Simulate a cloud-native supply chain attack through a malicious Kubernetes operator with elevated permissions.
  16. Create a red team drill where a pod with a writable hostPath modifies key configuration files on the node.
  17. Write a security response workflow for the detection of crypto mining containers running in ephemeral pods.
  18. Generate an alert simulation based on pod-to-pod traffic analysis revealing lateral movement across namespaces.
  19. Simulate the accidental exposure of a Kubernetes admin kubeconfig file in a public Git repository.
  20. Create a blue team incident response plan for unauthorized API server access attempts and kube-audit log anomalies.

Log Analysis for Lateral Movement

Designed for SOC analysts, threat hunters, and incident responders using Generative AI to detect, summarize, and document signs of lateral movement across enterprise environments using EDR, SIEM, and authentication logs.

  1. Analyze Windows Event Logs to identify signs of lateral movement through RDP logins between internal hosts.
  2. Summarize this set of authentication logs to detect pass-the-hash activity across domain controllers.
  3. Generate an analysis report of SMB connection logs showing anomalous use of administrative shares from non-IT users.
  4. Correlate these Kerberos ticket logs to highlight potential overpass-the-hash or Golden Ticket attacks.
  5. Create a timeline of lateral movement by mapping host-to-host access using workstation logon events (Event ID 4624).
  6. Summarize PowerShell logs and Sysmon data to identify remote execution attempts using Invoke-Command or PsExec.
  7. Analyze failed and successful logon attempts across multiple endpoints and identify patterns indicating credential reuse.
  8. Generate a summary report showing pivot activity across VLANs using VPN or internal proxy logs.
  9. Simulate a scenario where lateral movement occurs using WMI-based remote command execution between servers.
  10. Summarize unusual parent-child process relationships across endpoints that may indicate remote payload deployment.
  11. Write a detection analysis highlighting lateral movement using Scheduled Tasks created remotely via RPC.
  12. Analyze Windows Firewall logs to find lateral traffic originating from low-privilege endpoints accessing high value assets.
  13. Generate a detection narrative involving the use of stolen credentials for lateral access via interactive logons.
  14. Summarize Sysmon Event ID 3 (Network Connections) logs to track lateral movement paths between hosts.
  15. Write a prompt to analyze endpoint telemetry and identify use of native Windows tools like net.exe and at.exe for remote tasking.
  16. Simulate detection of lateral movement where registry modifications enable remote service creation.
  17. Summarize how this alert set indicates potential lateral movement in a hybrid cloud environment using on-prem to cloud pivoting.
  18. Generate a heat map of internal host access frequency and flag unusual increases in inter-host activity.
  19. Correlate SIEM alert logs with EDR telemetry to reconstruct lateral movement after phishing-induced compromise.
  20. Create a detection-focused summary of lateral movement involving AD enumeration, remote service creation, and credential theft.

Malware Reverse Engineering Summaries

Crafted for malware analysts, reverse engineers, and SOC teams using Generative AI to assist in summarizing static and dynamic analysis of malware samples, behavioral findings, unpacking techniques, and TTP correlations.

  1. Summarize the static analysis results of this malware sample, including identified strings, PE headers, and import table anomalies.
  2. Generate a high-level summary of this malware’s behavior in a sandbox environment, including file drops, registry edits, and network callbacks.
  3. Analyze this decompiled shellcode and summarize its obfuscation, encryption techniques, and execution flow.
  4. Write a summary report on malware sample X showing how it injects into explorer.exe using process hollowing.
  5. Generate a behavioral summary of a ransomware sample including encryption method, file extensions targeted, and ransom note content.
  6. Create a narrative explaining the unpacking steps required to reach the payload in a packed malware binary.
  7. Summarize the command and control (C2) communication technique used by this sample, including DNS tunneling indicators.
  8. Explain the API calls and system functions used by this malware to persist across reboots.
  9. Write a reverse engineering summary of a remote access Trojan (RAT) that uses clipboard monitoring and screen capture.
  10. Generate a sectioned report outlining malware’s anti-analysis techniques such as debugger detection and sandbox evasion.
  11. Summarize the role of a dropped DLL component and its execution as part of the malware’s multi-stage attack chain.
  12. Write a summary correlating malware behavior with MITRE ATT&CK techniques across Initial Access, Persistence, and Exfiltration.
  13. Generate a comparison between two malware variants showing differences in obfuscation, payload, and target system behavior.
  14. Simulate dynamic malware execution and summarize system-level changes such as file system artifacts and memory injection.
  15. Create a detailed summary of a malware downloader component that retrieves and executes second-stage payloads.
  16. Write a forensic summary highlighting registry persistence methods and keys modified by this malware strain.
  17. Generate a reverse engineering overview of how a keylogger module captures keystrokes and transmits logs to its C2.
  18. Summarize a multi-stage malware infection chain beginning with a malicious Excel macro and ending with remote shell access.
  19. Write a malware threat intelligence report summarizing hash values, mutex names, C2 domains, and behavior signatures.
  20. Create a summary explaining how this malware uses living-off-the-land binaries (LOLBins) to avoid detection.

MITRE ATT&CK Mapping and Overlay Creation

Designed for cybersecurity professionals using Generative AI to automatically map threats, incidents, and attack chains to the MITRE ATT&CK framework, and to generate visual overlays for strategic threat analysis and simulation.

  1. Map the techniques used in this ransomware incident to MITRE ATT&CK and generate a JSON overlay for Navigator.
  2. Given this incident report, identify the MITRE ATT&CK tactics and techniques involved and explain each one with its ID.
  3. Create an ATT&CK Navigator JSON file highlighting techniques from a phishing to lateral movement attack chain.
  4. Generate a heat map overlay in MITRE ATT&CK Navigator to show the most frequently used techniques in our environment based on the last 30 days of alerts.
  5. Analyze this set of endpoint events and correlate them with MITRE ATT&CK sub-techniques. Suggest visibility gaps.
  6. Summarize an APT29 campaign using MITRE ATT&CK mappings and provide a color-coded overlay indicating detection, response, and prevention coverage.
  7. Based on the TTPs in this red team engagement report, generate a layer for MITRE ATT&CK Navigator identifying all used techniques.
  8. Review this threat intelligence feed and extract all referenced MITRE techniques and tactic stages for overlay generation.
  9. Generate a MITRE ATT&CK matrix focused on initial access and execution techniques relevant to cloud-based infrastructure.
  10. Create a JSON layer for ATT&CK Navigator showing the techniques exploited during this credential dumping scenario.
  11. Identify MITRE ATT&CK techniques missing from our SIEM detection rules based on this audit report and suggest queries to close the gaps.
  12. Map these EDR-detected events to MITRE ATT&CK and produce an overlay that color codes techniques by detection confidence.
  13. Design an ATT&CK matrix overlay for purple team exercises, highlighting techniques to simulate and monitor.
  14. Analyze this data breach and generate a MITRE technique-to-defense mapping to identify where controls failed.
  15. Generate a MITRE technique overlay grouped by tactic phase, showing which techniques were blocked, detected, or missed.
  16. Based on the logs from this fileless malware attack, identify the MITRE ATT&CK techniques and suggest mitigations per technique.
  17. Create a multi-layered ATT&CK overlay showing differences in attack techniques across finance, HR, and engineering departments.
  18. Summarize the MITRE techniques targeted in the latest LockBit ransomware campaign and generate a visual matrix overlay.
  19. Review the playbook for our recent red team operation and output an ATT&CK Navigator JSON file mapping all used and simulated techniques.
  20. From this SOC report, extract relevant MITRE ATT&CK mappings and propose defensive coverage metrics per tactic (e.g., initial access, persistence, exfiltration).

Penetration Testing Prompt Generation

Tailored for red team professionals, security consultants, and ethical hackers using Generative AI to support engagement planning, payload simulation, attack path enumeration, and post-exploitation documentation across various environments.

  1. Generate a penetration test scenario targeting web application vulnerabilities such as SQL injection, XSS, and IDOR.
  2. Create a pentest engagement outline for a small enterprise focusing on external perimeter assessment and wireless security.
  3. Simulate the enumeration phase for a network penetration test using tools like Nmap, Netcat, and Nikto.
  4. Write a checklist of OSINT techniques to gather employee, domain, and subdomain information prior to a social engineering campaign.
  5. Generate payload options for exploiting a known CVE (e.g., Log4Shell) in a sandboxed lab environment.
  6. Create a post-exploitation scenario involving privilege escalation from a compromised Linux user to root access.
  7. Write a red team report summary for a successful internal pentest that discovered misconfigured admin shares.
  8. Simulate an attack chain involving phishing, credential reuse, lateral movement, and domain admin access.
  9. Generate a prompt to simulate password spraying attacks and output results showing weak credentials identified.
  10. Design a penetration testing engagement for cloud infrastructure (AWS or Azure), focusing on misconfigurations and IAM flaws.
  11. Write a prompt that outputs simulated results from a Wi-Fi pentest revealing weak WPA2 PSK keys and rogue access points.
  12. Generate a report template summarizing vulnerabilities, proof-of-concepts, impact, and recommendations from a pentest.
  13. Create a simulation for exploiting SMBv1 vulnerabilities and identify lateral movement paths post-compromise.
  14. Write a prompt to simulate directory traversal and local file inclusion attacks on legacy web applications.
  15. Design a pentest case study where social engineering and tailgating were used to gain physical access to a secure area.
  16. Generate a prompt that simulates capturing NTLM hashes using Responder in a misconfigured internal network.
  17. Create an ethical pentest drill for simulating session hijacking and insecure cookie exploitation in a web app.
  18. Write a prompt to simulate a vulnerability scan using tools like Nessus or OpenVAS and summarize key findings.
  19. Generate a prompt for web application pentesting using Burp Suite to intercept and manipulate HTTP requests.
  20. Create a scenario where red teamers use post-exploitation enumeration to discover sensitive files, credentials, or keys on a compromised host.

Phishing Email Generation for Training

Specifically designed for cybersecurity awareness managers, red teams, and training coordinators using Generative AI to create realistic, targeted phishing simulation emails for employee training and organizational resilience testing.

  1. Generate a phishing email simulating an urgent HR policy update with a fake PDF attachment requiring employee acknowledgment.
  2. Create a fake IT support email warning users about a password expiration, prompting them to click a spoofed reset link.
  3. Write a phishing simulation email offering a fake Amazon gift card in exchange for completing a survey.
  4. Generate a social engineering phishing email impersonating the CEO requesting a wire transfer during travel.
  5. Simulate a phishing email appearing to come from Microsoft Teams, prompting users to join a fake meeting link.
  6. Create a phishing email that mimics a job opportunity alert from LinkedIn, asking the user to sign in for more details.
  7. Write a realistic phishing simulation that references an internal company event and asks users to confirm attendance.
  8. Generate a phishing email targeting finance staff with a fake invoice approval request in the form of a Google Doc link.
  9. Create a phishing simulation for tax season, claiming the recipient is eligible for a tax rebate with a link to ‘verify details.’
  10. Write a phishing training email mimicking DocuSign, asking users to view and sign an important document.
  11. Generate a fake VPN login alert email that asks the employee to verify recent activity.
  12. Create a simulation email about account suspension due to suspicious login attempts, directing to a fake login page.
  13. Write a holiday-themed phishing email with a discount coupon offer that includes a malicious link.
  14. Simulate a spear-phishing email targeting IT staff asking them to update endpoint management credentials.
  15. Generate a phishing email that mimics an MFA alert and asks users to reset their authentication preferences.
  16. Create a training scenario email impersonating a government body (e.g., IRS, RBI) requesting urgent account verification.
  17. Write a phishing simulation posing as a fake internal email from payroll with a request to update direct deposit information.
  18. Generate a phishing test email using a COVID-19 vaccination update as a lure for credential harvesting.
  19. Create a multilingual phishing simulation in both English and French for international teams.
  20. Write a phishing email impersonating a cloud service provider (e.g., Dropbox, OneDrive) with a link to access shared files.

Phishing Simulation and Analysis

Created for cybersecurity professionals using Generative AI to simulate phishing campaigns, analyze email-based threats, and automate detection and reporting workflows. These prompts are ideal for security awareness teams, red teams, SOC analysts, and compliance professionals.

  1. Create a simulated phishing email targeting HR employees, themed around an urgent payroll update, using realistic language and embedded links.
  2. Analyze the headers and body of this suspicious email to detect signs of spoofing, sender obfuscation, or domain abuse.
  3. Generate a report summarizing key indicators of phishing in the attached email, including anomalies in SPF, DKIM, and MIME types.
  4. Write a simulated phishing lure impersonating the IT helpdesk asking employees to reset their passwords due to a security breach.
  5. Summarize the attack chain of this phishing campaign from email delivery to credential harvesting, including any lateral movement indicators.
  6. Draft a post-phishing simulation awareness message to educate employees on recognizing malicious emails.
  7. Extract and explain the intent of this phishing attachment, including any embedded macro or obfuscated script.
  8. Generate a phishing simulation targeting finance users during tax season, including a spoofed link and urgency-based call to action.
  9. Create a matrix mapping this phishing campaign’s tactics to MITRE ATT&CK techniques related to initial access and credential theft.
  10. Generate a phishing report template that includes sections for campaign goals, targets, outcomes, click rate, and training recommendations.
  11. Analyze these employee-reported phishing emails and categorize them into spoofing, impersonation, and malicious attachment groups.
  12. Develop a phishing simulation that uses LinkedIn-style messaging to impersonate recruiters offering fake job interviews.
  13. Explain how this phishing email bypassed spam filters using image-based payloads and suggest detection enhancements.
  14. Summarize indicators of a business email compromise (BEC) attack, including display name spoofing and changes in financial routing.
  15. Simulate a phishing email impersonating an internal system alert for expired VPN credentials.
  16. Analyze this phishing campaign and highlight how it exploited OAuth permissions and third-party application abuse.
  17. Generate a simulated phishing email from a fake vendor requesting invoice payment and document attached payload behavior.
  18. Summarize phishing simulation results for the sales department including participation rate, click-through rate, and report rate.
  19. Draft a simulation using QR code phishing (‘quishing’) tactics aimed at mobile-first employees.
  20. Explain how this phishing lure leverages urgency and social engineering principles to manipulate the target into clicking.

Prompt Injection and Mitigation

Designed for AI security leads, SOC analysts, and application security engineers using Generative AI to simulate, detect, and mitigate prompt injection attacks in security tools, chatbots, and LLM-integrated platforms.

  1. Simulate a prompt injection attack against a cybersecurity chatbot that results in unauthorized disclosure of admin instructions.
  2. Generate a security use case to detect prompt injection attempts in GenAI-powered SOC automation platforms.
  3. Write a red team exercise scenario involving prompt injection in a security assistant embedded in an EDR dashboard.
  4. Create a test prompt that manipulates an AI to ignore detection rules and generate a malicious SOAR playbook step.
  5. Generate mitigation recommendations for LLM prompt injection in compliance tools that generate regulatory mappings.
  6. Write a validation script that checks for hidden instructions embedded in user inputs to a security-focused AI interface.
  7. Simulate a prompt injection in a chatbot that causes it to rewrite firewall rules incorrectly and bypass security zones.
  8. Generate a sandbox testing prompt to assess whether a GenAI assistant can be coerced into revealing restricted SIEM queries.
  9. Write a prompt to audit log entries from a GenAI tool for signs of successful prompt injection (e.g., rule bypass, unauthorized output).
  10. Create a defensive prompt wrapper to sanitize and restrict inputs to GenAI tools used for cybersecurity reporting.
  11. Generate a policy document outlining safeguards against prompt injection in AI-driven IT helpdesk systems.
  12. Simulate a scenario where prompt injection causes an AI-powered vulnerability scanner to skip critical tests.
  13. Write a detection rule for abnormal activity logs indicating prompt injection attempts in a SOC AI assistant.
  14. Generate a checklist to harden a GenAI prompt interface against direct instruction overrides or meta-prompt chaining.
  15. Create a security review template for applications that embed LLMs with administrative or policy-generation capabilities.
  16. Write a forensic summary of a prompt injection incident affecting an AI-driven phishing response tool.
  17. Simulate a prompt injection that tricks a compliance assistant into suggesting non-existent clauses in ISO 27001.
  18. Generate a role-based access control (RBAC) model to limit exposure of AI outputs in high-risk GenAI prompt environments.
  19. Write a threat model for prompt injection risks in a ChatGPT-like interface integrated with internal knowledge bases.
  20. Create a GenAI prompt to test the effectiveness of input sanitization routines in a cybersecurity chatbot.

Ransomware Simulation and Response

Designed for incident response teams, SOC analysts, red-blue teams, and tabletop facilitators using Generative AI to simulate ransomware attacks, develop playbooks, test controls, and train teams in coordinated response.

  1. Simulate a ransomware infection chain beginning with phishing, followed by privilege escalation and mass encryption of mapped drives.
  2. Generate a ransomware tabletop exercise where IT, Legal, PR, and Security teams must collaborate to manage business continuity and external disclosures.
  3. Write a step-by-step response plan for detecting and isolating ransomware spread in a flat network environment.
  4. Create a ransomware playbook covering initial detection, endpoint triage, forensic imaging, and containment.
  5. Simulate a ransomware attack on a hybrid cloud environment, affecting both local file servers and cloud storage.
  6. Generate a training scenario where ransomware evades EDR using signed binaries and targets offline backups.
  7. Write a red team inject to simulate ransomware that includes ransom note delivery, encryption behavior, and file extension changes.
  8. Create a blue team response timeline highlighting key logs, alerts, and actions across the first 6 hours of a ransomware outbreak.
  9. Generate a legal and compliance response checklist for ransomware attacks affecting customer data and triggering breach notification laws.
  10. Write a ransom negotiation simulation where executive stakeholders must decide whether to pay or engage law enforcement.
  11. Create a ransomware risk scoring prompt based on RTO/RPO impact, asset criticality, and lateral spread velocity.
  12. Simulate a SOC alert sequence that starts with suspicious PowerShell execution and escalates to ransomware encryption detection.
  13. Generate a ransomware debrief template summarizing entry vector, encryption path, logs collected, and response actions.
  14. Write a purple team drill scenario where the red team emulates Ryuk and the blue team tunes detections mid-simulation.
  15. Create a report template capturing ransomware IOC artifacts such as mutex names, file hashes, ransom notes, and dropped executables.
  16. Write a GenAI prompt to simulate encrypted file volume growth and help predict total impact within the first hour of detection.
  17. Generate a post-incident forensic narrative aligning ransomware artifacts with MITRE ATT&CK techniques (TA0040, TA0005, TA0011).
  18. Simulate a ransomware attack where recovery is delayed due to untested backups and access issues during incident response.
  19. Create an internal awareness brief highlighting lessons learned from a simulated ransomware event targeting shared drives.
  20. Write a business impact report modeling downtime, recovery cost, and reputation damage from a multi-system ransomware infection.

Red Team Prompt Design

Focused on helping cybersecurity professionals leverage Generative AI to simulate offensive tactics, craft realistic adversarial scenarios, and automate red team planning—all while staying within ethical boundaries. These prompts are ideal for designing social engineering lures, offensive simulations, and training environments that reflect real-world threats.

  1. Design a red team simulation that begins with a phishing email containing a malicious Excel macro and ends in domain escalation.
  2. Generate a social engineering script for a red teamer impersonating IT support requesting VPN re-authentication.
  3. Write a realistic phishing email targeting finance staff using a spoofed invoice theme and a malicious download link.
  4. Create a payload-free command line simulation for privilege escalation using ‘runas’ and Windows token manipulation.
  5. Generate a red team scenario that leverages Active Directory enumeration to identify lateral movement paths.
  6. Design a simulation exercise that includes USB drop attacks with staged payloads for user awareness testing.
  7. Create an email-based red team lure using fake MFA alert language and urgency-driven call to action.
  8. Generate an offensive scenario where the red team exfiltrates mock data via DNS tunneling without triggering detection rules.
  9. Write a prompt to simulate scheduled task abuse for persistence as part of a post-exploitation phase.
  10. Design a red team campaign that targets hybrid work environments with VPN-based attack vectors.
  11. Produce a phishing simulation involving fake HR policy updates with embedded links to credential-harvesting pages.
  12. Generate a PowerShell-based simulation script for DLL sideloading within a trusted application folder.
  13. Create a series of prompts to simulate email thread hijacking as seen in modern BEC attacks.
  14. Develop a red team scenario based on USB keystroke injection using tools like Rubber Ducky or Flipper Zero.
  15. Simulate a watering hole attack scenario by crafting a fake blog post with embedded drive-by download scripts.
  16. Design a red team narrative targeting DevOps teams via exposed CI/CD tokens or GitHub secrets.
  17. Generate a phishing campaign template targeting customer service teams with fake escalation requests.
  18. Write a prompt to simulate command and control (C2) beaconing patterns over HTTPS for testing network detection.
  19. Create a red team plan that includes Kerberoasting and pass-the-ticket techniques within a lab environment.
  20. Draft a simulation exercise based on abusing cloud misconfigurations such as unrestricted S3 buckets and overprivileged roles.

Red-Blue Team Exercise Simulation

Tailored for red and blue team leads, SOC managers, cyber range instructors, and training developers using Generative AI to design, simulate, and debrief realistic adversarial exercises that test detection, defense, and response capabilities.

  1. Design a red-blue team simulation involving credential phishing, lateral movement, and data exfiltration within a segmented network.
  2. Generate a full-day exercise plan where the red team mimics APT29 while the blue team must detect and contain the threat.
  3. Create a collaborative simulation scenario where red teamers deploy a reverse shell via macro-enabled Excel, and blue teams must correlate logs to respond.
  4. Write an inject for a red team to simulate a watering hole attack targeting a company wiki used by HR.
  5. Generate a blue team objective sheet focused on identifying the use of living-off-the-land binaries (LOLBins) in the environment.
  6. Design a cloud security red-blue simulation involving IAM misconfigurations and lateral movement between AWS roles.
  7. Write a timeline-based simulation where red team activities include DNS tunneling and C2 beaconing, and blue team must isolate traffic.
  8. Create a tabletop red-blue exercise simulating a ransomware outbreak in finance systems during quarterly reporting.
  9. Generate a purple team drill where red deploys a new payload and blue tunes detection rules in real time.
  10. Write a prompt to simulate adversary behavior involving brute-force login attempts across VPN and cloud accounts.
  11. Create red team instructions for pivoting through unmanaged assets and exploiting legacy services.
  12. Generate a blue team debrief summary template capturing detection timeline, missed signals, and remediation actions.
  13. Design a two-week red-blue exercise calendar that increases in complexity and covers all MITRE ATT&CK tactics.
  14. Simulate a deception-based challenge where red uses decoy documents and blue team must detect and trace access.
  15. Write a drill where red uses encoded PowerShell payloads and blue must detect via command-line monitoring.
  16. Create an inject where red team delivers a phishing email to executive assistants and blue team must analyze headers and links.
  17. Generate a prompt for auto-documenting red-blue actions during a breach simulation using GenAI-assisted notebooks.
  18. Write a scenario where red actors simulate insider threat behavior, and blue team must respond using DLP and EDR data.
  19. Generate a post-exercise summary assessing blue team performance against red team dwell time, lateral spread, and alert volume.
  20. Create a set of purple team prompts to align red tactics and blue detection logic in near-real time during the exercise.

Security Architecture Review Prompts

Crafted for enterprise architects, CISOs, cloud engineers, and security consultants using Generative AI to perform structured security architecture reviews, identify gaps, and validate alignment with industry frameworks such as SABSA, TOGAF, NIST CSF, and Zero Trust.

  1. Generate a security architecture review checklist for a hybrid IT environment including cloud, on-premise, and SaaS components.
  2. Write a summary of architectural security gaps identified in a review of segmented network zones and firewall placement.
  3. Create a prompt to evaluate whether an existing architecture aligns with Zero Trust principles across identity, network, and device layers.
  4. Generate a security architecture review report for a DevOps pipeline including CI/CD tooling, container registries, and runtime security.
  5. Write an executive summary of security architecture weaknesses in a legacy ERP environment hosted in a private data center.
  6. Create a prompt to assess control maturity in a multi-cloud architecture across logging, identity, encryption, and key management.
  7. Generate a list of questions to evaluate security design decisions for a cloud-native Kubernetes deployment.
  8. Write a risk report highlighting lack of network segmentation and overuse of flat trust zones in the current architecture.
  9. Create a comparative review of current vs. target security architecture using NIST CSF core functions as categories.
  10. Generate a playbook template for recurring quarterly security architecture assessments across business units.
  11. Write a prompt to evaluate IAM, MFA, and JIT access enforcement across internal systems and third-party platforms.
  12. Summarize security architecture review findings for a data lake built on AWS including S3 bucket policies and encryption methods.
  13. Create a security domain map outlining architectural responsibilities across app, data, identity, and network layers.
  14. Generate a checklist to evaluate integration of DLP, EDR, SIEM, and CASB in enterprise security architecture.
  15. Write a threat modeling summary based on architectural flaws identified in public API exposure and weak authentication.
  16. Generate a review template that incorporates CIS Controls, ISO 27001, and MITRE ATT&CK mappings into architectural validation.
  17. Create an architecture review prompt to assess token management and session expiration in SSO implementations.
  18. Summarize security architecture challenges in an M&A scenario with two converging cloud environments.
  19. Generate a review matrix evaluating architecture decisions based on availability, scalability, and security impact.
  20. Write a briefing note for enterprise architects recommending improvements to align infrastructure with current threat models.

Security Automation Recommendations

Tailored for SOC engineers, automation architects, and cybersecurity strategists using Generative AI to streamline and scale threat detection, incident response, vulnerability management, and compliance through SOAR, scripting, and orchestration.

  1. Generate security automation recommendations for triaging phishing alerts using SOAR playbooks and email header analysis.
  2. Create a step-by-step automation workflow to isolate infected endpoints upon EDR alert confirmation.
  3. Write a recommendation to auto-enrich SIEM alerts using threat intelligence sources like VirusTotal, AbuseIPDB, and MISP.
  4. Generate an automation plan to validate, assign, and escalate high-severity vulnerabilities from Qualys scans.
  5. Draft a security automation use case to auto-generate incident reports in NIST format from correlated SIEM alerts.
  6. Create automation logic to disable suspicious user accounts after repeated MFA failures within a defined time window.
  7. Write a security orchestration sequence that includes log collection, IOC extraction, and sandbox detonation of suspicious files.
  8. Generate recommendations for automating cloud IAM anomaly detection and alerting across AWS, Azure, and GCP.
  9. Design a SOAR playbook recommendation to triage alerts triggered by impossible travel across geographic regions.
  10. Create a list of automation tasks that can reduce MTTR (mean time to respond) for malware-related incidents in an enterprise SOC.
  11. Write a GenAI prompt to generate Splunk or QRadar content recommendations based on recurring alert patterns.
  12. Recommend automation to verify expired SSL certificates across external-facing services and notify relevant owners.
  13. Generate a plan to automate backup validation and alerting as part of ransomware resilience strategies.
  14. Write an automation workflow that closes false positives after a predefined enrichment and analyst feedback loop.
  15. Suggest automation logic to log all DLP violations and create ticketing system entries with user metadata.
  16. Create a prompt for recommending SIEM rule tuning automation based on alert suppression and confidence scoring.
  17. Draft a list of pre-approved containment actions that can be executed automatically in low-risk alert scenarios.
  18. Generate a DevSecOps security automation checklist that includes IaC scanning, container image validation, and dependency patching.
  19. Write a SOAR playbook automation recommendation for rotating exposed AWS keys and revoking sessions.
  20. Create a prompt to identify repetitive analyst tasks in the SOC and suggest automation opportunities using RPA or scripts.

Security Awareness Training Content Creation

Designed for security leaders, training managers, and awareness officers using Generative AI to create engaging, accurate, and role-specific security awareness training materials. These prompts support the development of quizzes, policy explainers, scenario-based lessons, and email campaigns.

  1. Create a security awareness quiz for employees covering phishing, password hygiene, and safe browsing practices.
  2. Generate a training email educating users about business email compromise (BEC) and how to verify suspicious sender identities.
  3. Write a short, engaging story-based scenario explaining the dangers of clicking on suspicious links in work emails.
  4. Develop a 5-slide presentation on ransomware awareness tailored for non-technical HR and finance staff.
  5. Generate a weekly ‘Cyber Tip Tuesday’ message about how to identify QR code-based phishing (quishing) attacks.
  6. Create a phishing simulation exercise with an email lure related to holiday travel booking.
  7. Write a brief awareness message warning employees about oversharing company information on LinkedIn.
  8. Draft an awareness campaign poster on strong password practices and multifactor authentication (MFA).
  9. Generate onboarding security awareness content for new hires about data handling, access controls, and reporting incidents.
  10. Create an interactive scenario explaining how to recognize and report a social engineering phone call.
  11. Develop a training module outline for secure remote work practices, including VPN use, device locking, and home Wi-Fi risks.
  12. Generate a humorous but informative video script on avoiding phishing traps in emails and social media.
  13. Write an executive memo reminding leaders about their role in setting a tone for cybersecurity culture.
  14. Design a monthly newsletter template that includes recent cyber incidents, lessons learned, and awareness tips.
  15. Create a fill-in-the-blank cybersecurity crossword puzzle covering common threats and defensive practices.
  16. Generate a simulated phishing email about a fake mandatory cybersecurity training with a link to track employee response.
  17. Write a training guide for customer-facing employees on how to handle suspicious attachments or files sent by clients.
  18. Generate a fun interactive quiz to test employees on identifying red flags in email headers and domains.
  19. Create department-specific security awareness messages for IT, Legal, Marketing, and Sales teams.
  20. Draft a communication plan for Cybersecurity Awareness Month including weekly topics and learning objectives.

Security Controls Gap Analysis

Crafted for security auditors, GRC professionals, CISOs, and cybersecurity architects using Generative AI to identify missing or ineffective controls, benchmark against frameworks, and prioritize remediation based on risk exposure and business impact.

  1. Generate a gap analysis report comparing current controls to NIST Cybersecurity Framework categories and subcategories.
  2. Write a summary identifying missing ISO 27001 Annex A controls across access management, cryptography, and incident response.
  3. Simulate a gap analysis scenario for a healthcare organization using HIPAA Security Rule safeguards.
  4. Create a security control gap matrix mapping actual controls against the CIS Top 18 and flagging absent safeguards.
  5. Generate a report comparing SOC2 control implementation with evidence collection status and maturity scores.
  6. Write a prompt to evaluate endpoint protection controls against MITRE ATT&CK defensive coverage.
  7. Create a role-based control analysis to identify which departments lack key security responsibilities or processes.
  8. Generate a gap analysis for multi-cloud environments comparing AWS, Azure, and GCP IAM enforcement policies.
  9. Write a risk-based prioritization plan that highlights critical control deficiencies impacting regulatory compliance.
  10. Generate a checklist for reviewing logging and monitoring gaps across application, network, and cloud layers.
  11. Create a summary of control weaknesses found during red team simulation and align them with missing blue team defenses.
  12. Generate a comparison of current control environment against PCI DSS v4.0 requirements and identify compliance risks.
  13. Write a board-ready executive summary highlighting top 5 control gaps and recommended mitigation timelines.
  14. Create a control validation prompt that cross-references SIEM coverage against alert logic for critical assets.
  15. Generate a compliance tracker for ISO 27001 controls marked ‘partially implemented’ and suggest remediation steps.
  16. Write a prompt to map data protection controls to GDPR Article 32 and identify any under-addressed requirements.
  17. Simulate a gap analysis for DLP and insider threat monitoring controls in high-risk departments like Legal and Finance.
  18. Generate a prompt to compare incident response runbooks against real incident timelines and flag deviations.
  19. Create a heatmap that ranks control effectiveness by business unit based on audit and incident data.
  20. Write a GenAI-assisted template for periodic security control gap analysis, including evidence request fields.

Security Interview Question Creation

Crafted for HR professionals, cybersecurity hiring managers, and technical recruiters using Generative AI to create role-specific, scenario-based, and behavioral security interview questions for assessing candidates across red, blue, and GRC domains.

  1. Generate 10 technical interview questions to assess a SOC analyst’s ability to respond to real-time security alerts.
  2. Create behavioral interview questions for a GRC analyst role, focusing on compliance challenges and audit collaboration.
  3. Write scenario-based interview questions for a cloud security engineer skilled in AWS IAM and S3 configuration.
  4. Generate interview questions for a penetration tester focusing on exploit development, pivoting, and post-exploitation techniques.
  5. Create a set of questions to evaluate a candidate’s understanding of threat hunting using EDR and SIEM tools.
  6. Write red team interview questions involving phishing simulations, payload delivery, and evasion techniques.
  7. Generate risk management interview questions focusing on third-party risk, vendor assessments, and business continuity.
  8. Create interview questions for a security architect to assess zero trust implementation knowledge.
  9. Write blue team interview questions centered on detecting lateral movement using Windows Event Logs and Sysmon.
  10. Generate questions for a DevSecOps candidate involving CI/CD pipeline security and container hardening.
  11. Create interview prompts to assess knowledge of data privacy regulations such as GDPR, HIPAA, and CCPA.
  12. Write interview questions for an identity and access management (IAM) engineer covering JIT access and RBAC models.
  13. Generate interview questions for a digital forensics role focused on memory dump analysis and chain of custody.
  14. Create situational questions for a cybersecurity manager role to evaluate crisis leadership during incidents.
  15. Write an interview test prompt that asks a candidate to analyze a simulated phishing email and describe the mitigation process.
  16. Generate interview questions to evaluate a security analyst’s familiarity with MITRE ATT&CK framework and use cases.
  17. Create technical interview questions for a network security engineer covering firewalls, segmentation, and IDS/IPS systems.
  18. Write questions for a cloud compliance officer role focused on ISO 27017 and shared responsibility models.
  19. Generate interview questions to assess an application security engineer’s experience with threat modeling and secure SDLC.
  20. Create a role-specific security interview rubric for evaluating candidates across red team, blue team, and GRC roles.

Security Policy Drafting

Tailored for cybersecurity professionals and governance teams using Generative AI to create, review, and refine formal information security policies. These prompts help produce clear, standards-aligned documentation suitable for regulatory compliance and internal enforcement (aligned with ISO 27001, NIST, PCI DSS, and HIPAA frameworks).

  1. Draft an Acceptable Use Policy (AUP) for employees accessing corporate systems remotely, including personal device restrictions.
  2. Write a comprehensive Data Classification Policy that outlines public, internal, confidential, and restricted data tiers.
  3. Generate a Password Management Policy aligned with NIST SP 800-63B and enforce multi-factor authentication (MFA) requirements.
  4. Create an Information Security Policy for a healthcare organization aligned with HIPAA Security Rule requirements.
  5. Write a Cloud Security Policy covering access control, encryption, logging, and third-party vendor responsibilities.
  6. Generate a Bring Your Own Device (BYOD) Policy that balances employee mobility with risk management.
  7. Draft an Incident Response Policy including roles, escalation procedures, reporting obligations, and response timeframes.
  8. Create an Access Control Policy that defines role-based access, privileged account controls, and approval workflows.
  9. Write a Change Management Policy that outlines testing, approvals, rollback planning, and emergency changes.
  10. Generate a Network Security Policy that includes firewall configurations, segmentation rules, and wireless access controls.
  11. Draft a Physical Security Policy for a multi-site organization including data center access, CCTV, and badge use.
  12. Write a Vendor Risk Management Policy for third-party access to critical systems and compliance with ISO 27001 A.15.
  13. Create an Email and Communications Policy addressing acceptable communication channels, phishing awareness, and encryption.
  14. Develop a Remote Work Security Policy including VPN usage, endpoint protection, and offsite data handling.
  15. Generate a Mobile Device Security Policy covering corporate-owned and personal mobile device usage.
  16. Write a Backup and Disaster Recovery Policy with defined RPO/RTO objectives and testing schedules.
  17. Create a Logging and Monitoring Policy specifying log retention, audit scope, and monitoring tools.
  18. Draft an Encryption Policy for data in transit and at rest, including key management requirements.
  19. Write a Secure Software Development Policy aligned with DevSecOps principles and secure coding practices.
  20. Generate a Privacy Policy for a SaaS application that complies with GDPR, CCPA, and explains user rights.

SIEM Alert Summarization

Designed for cybersecurity professionals using Generative AI to analyze and synthesize alerts from SIEM platforms like Splunk, QRadar, Microsoft Sentinel, or Elastic.

  1. Summarize this SIEM alert involving multiple failed RDP login attempts. Include the source IP, targeted asset, and MITRE mapping if applicable.
  2. Group these 15 alerts by attack technique and generate a high-level narrative for incident response triage.
  3. Analyze the attached SIEM alert and create a concise summary for a Tier-1 analyst including potential false positive indicators.
  4. Given the following correlated alerts, summarize the likely attack path and rate its severity on a 1–10 scale with justification.
  5. Extract and summarize key fields from this JSON-formatted QRadar alert including rule name, source IP, and triggered conditions.
  6. Review these Sentinel alerts and generate a SOC-ready summary that highlights actionable next steps.
  7. Summarize the root cause and impact of this SIEM alert on anomalous Azure AD logins from unfamiliar locations.
  8. Summarize this alert triggered by lateral movement detection across endpoints. Include hostname, timestamp, and relevant TTPs.
  9. Create a daily digest of the top 10 critical alerts received in the past 24 hours and group them by attack stage.
  10. Translate this verbose SIEM alert into an executive-level summary for the CISO with business impact considerations.
  11. Summarize this false positive alert and explain why it should be excluded from future detection rules.
  12. Review and summarize this multi-step alert involving phishing email, link click, credential use, and endpoint compromise.
  13. Combine these multiple alerts into a single incident timeline using timestamps and asset identifiers.
  14. Given these indicators from SIEM, generate a summary linking them to known threat actor behavior profiles.
  15. Summarize this alert involving a suspicious service creation event and explain its threat relevance.
  16. Create a 3-sentence summary of this high-volume DNS tunneling alert for internal reporting.
  17. Break down this noisy alert into understandable sections, highlighting the components that triggered the rule logic.
  18. Summarize the alert triggered by excessive file downloads to USB devices and recommend investigation steps.
  19. Summarize this alert triggered by anomalous cloud storage API activity. Highlight indicators of exfiltration.
  20. Summarize five SIEM alerts from different sources and classify each as high, medium, or low priority. Justify your reasoning.

SIEM Rule Suggestions Based on Logs

Designed for SOC analysts, threat detection engineers, and SIEM administrators using Generative AI to review log patterns, propose detection rules, optimize alert logic, and build content that aligns with attack techniques (e.g., MITRE ATT&CK).

  1. Analyze this authentication log data and suggest a SIEM rule to detect brute-force login attempts over RDP.
  2. Review PowerShell execution logs and generate a detection rule for encoded or obfuscated command-line activity.
  3. Based on these firewall logs, suggest a correlation rule to detect repeated access attempts from blocked geolocations.
  4. Write a SIEM rule for detecting lateral movement using remote service creation across multiple endpoints.
  5. Generate a use case rule to detect excessive file downloads from a corporate file share during non-business hours.
  6. Suggest a detection rule based on DNS logs to identify potential DNS tunneling attempts using long TXT queries.
  7. Analyze endpoint logs and create a SIEM rule to flag the execution of known living-off-the-land binaries (LOLBins).
  8. Write a correlation rule to detect privilege escalation by chaining audit logs showing token manipulation and local admin access.
  9. Based on VPN connection logs, generate a rule to alert on impossible travel or simultaneous logins from different countries.
  10. Create a SIEM alert rule that triggers when Windows Event ID 4624 is followed by 4672 (special privileges assigned) within 1 minute.
  11. Suggest a detection rule to identify Kerberoasting attempts using high-frequency ticket requests for service accounts.
  12. Generate a rule for identifying anomalous PowerShell use based on command length, character entropy, and frequency.
  13. Analyze cloud audit logs and suggest a SIEM rule for detecting suspicious permission changes in Azure AD or AWS IAM.
  14. Write a rule to detect Beacon-like outbound traffic to external IPs based on periodic network patterns.
  15. Create a SIEM rule to correlate successful login followed by data transfer over FTP from the same host within 5 minutes.
  16. Generate a Splunk search query that identifies failed sudo attempts across multiple Linux servers in a short time window.
  17. Design a rule to detect macro execution in Office apps that launches child processes like cmd.exe or powershell.exe.
  18. Write a detection rule to alert on unsigned binaries executing from temporary or user-writable directories.
  19. Suggest a correlation rule that links suspicious registry modifications with subsequent endpoint communication to known C2 domains.
  20. Based on EDR logs, generate a rule to detect execution of remote scripts using WinRM from non-jump-box hosts.

Simulation of APT Attack Chains

Crafted for red teams, purple teams, SOC analysts, and threat emulation architects using Generative AI to simulate and study the full kill chain of Advanced Persistent Threats (APTs) aligned with MITRE ATT&CK tactics and real-world adversaries.

  1. Simulate an APT29 attack chain starting with spear phishing and culminating in data exfiltration via encrypted HTTPS tunnels.
  2. Generate a red team simulation of APT41 involving DLL sideloading, credential dumping, and use of cloud-based C2 infrastructure.
  3. Write a full kill chain emulation of APT28 targeting Active Directory through SMB relay attacks and domain enumeration.
  4. Create an APT attack chain simulation for a ransomware deployment scenario used by Conti or Ryuk operators.
  5. Generate a step-by-step MITRE-aligned APT simulation involving initial access via drive-by compromise and lateral movement via WMI.
  6. Write an APT-style cyber range scenario where the attacker uses living-off-the-land binaries (LOLBins) to maintain stealth.
  7. Create an APT simulation targeting an industrial control system (ICS) with initial access via spear phishing and impact via PLC tampering.
  8. Generate a simulated campaign for APT33 using password spraying, malicious Excel macros, and domain fronting for C2.
  9. Write a scenario in which APT10 compromises a cloud service provider to pivot into customer environments.
  10. Create a multi-day APT simulation using techniques like Kerberoasting, registry modification, and scheduled task persistence.
  11. Generate a red team exercise where the simulated threat actor mimics APT38 targeting financial institutions for SWIFT fraud.
  12. Write a threat simulation timeline involving initial foothold, privilege escalation, lateral movement, and exfiltration stages.
  13. Create a prompt to simulate an APT group’s post-exploitation use of web shells, RDP tunneling, and browser data theft.
  14. Generate an APT attack chain scenario tailored to healthcare targets with EMR system access and data staging.
  15. Simulate a purple team exercise that mirrors APT34 tactics including DNS tunneling and PowerShell command obfuscation.
  16. Write a scenario showing how an APT threat actor establishes persistence via service binary modification and registry autoruns.
  17. Generate an adversary simulation using APT-style beaconing behavior and endpoint evasion via process injection.
  18. Create a scriptable APT kill chain example compatible with Atomic Red Team or Caldera frameworks.
  19. Write a forensic timeline of an APT simulation highlighting log sources, detection points, and gaps.
  20. Generate a threat emulation plan that recreates all 14 MITRE ATT&CK tactics in a realistic APT scenario.

SOAR Playbook Generation

Crafted for SecOps and SOC analysts using Generative AI to pre-plan security orchestration and response scenarios as playbooks, before an incident occurs.

  1. Design a SOAR playbook to automatically respond to brute-force login attempts, including alert triage, user isolation, and notification.
  2. Generate a step-by-step SOAR workflow for handling phishing email reports from end-users in Microsoft 365.
  3. Create a playbook for automating the containment of a compromised endpoint using EDR and firewall integrations.
  4. Draft a SOAR playbook that performs IOC enrichment using VirusTotal, WHOIS, and internal threat intel feeds.
  5. Generate a multi-stage SOAR playbook that escalates alerts based on CVSS score and MITRE ATT&CK severity mapping.
  6. Design a playbook to handle cloud storage data exfiltration alerts, including user notification, API log collection, and data access revocation.
  7. Create a Cortex XSOAR-compatible YAML playbook for ransomware response including backup restoration and endpoint isolation.
  8. Generate an automated playbook to investigate DNS tunneling alerts and run endpoint queries for suspicious DNS client behavior.
  9. Develop a SOAR playbook for anomalous login detection from unfamiliar geolocations, including MFA challenge and session termination.
  10. Write a SOAR automation for automated ticket creation and assignment based on alert type and priority.
  11. Design a SOAR playbook to respond to detected credential dumping activity by disabling affected accounts and notifying IAM admins.
  12. Create a response workflow that triggers endpoint forensics collection when a high-fidelity malware alert is detected.
  13. Generate a SOAR playbook for alert deduplication and correlation before triage to reduce analyst workload.
  14. Write a SOAR routine that automates user communication after containment, including phishing education material.
  15. Develop a playbook that uses regex and NLP to analyze email headers and detect spoofing indicators.
  16. Design a SOAR integration that triggers a Slack or Teams alert when specific MITRE TTPs are identified in correlated logs.
  17. Create a playbook that handles escalation of critical alerts to the on-call SOC analyst via SMS or voice notification.
  18. Generate a SOAR workflow that auto-updates firewall rules when an IOC is confirmed as malicious.
  19. Write a SOAR playbook that logs alert handling activities for compliance auditing and report generation.
  20. Design a playbook that performs automated SIEM rule tuning suggestions based on alert resolution outcomes.

Third-Party Risk Assessment

Created for cybersecurity risk managers, GRC professionals, procurement teams, and compliance officers using Generative AI to evaluate, monitor, and report on vendor-related cyber risks, contractual controls, and supply chain security gaps.

  1. Generate a third-party risk assessment template covering data access, incident history, compliance certifications, and SLA performance.
  2. Create a vendor onboarding checklist that includes cybersecurity questionnaire scoring and evidence validation.
  3. Write a prompt to summarize risk findings from a security review of a critical cloud service provider.
  4. Generate a comparative report of cybersecurity maturity between two SaaS vendors using NIST CSF as a baseline.
  5. Write a due diligence summary for a third-party processor with access to PII and financial transaction data.
  6. Create a third-party risk heatmap showing risk level, data sensitivity, integration depth, and contract renewal dates.
  7. Generate a prompt to identify vendors lacking up-to-date SOC 2 Type II or ISO 27001 certifications.
  8. Write a simulated incident report involving a supply chain breach caused by a vendor’s phishing exposure.
  9. Create a prompt to assess whether vendors support multi-factor authentication (MFA) and secure password policies.
  10. Generate a questionnaire to evaluate a vendor’s business continuity and incident response plans.
  11. Write a third-party cybersecurity attestation letter template for vendors to sign as part of onboarding.
  12. Create a prompt to generate a third-party data flow diagram showing access paths and integration touchpoints.
  13. Generate a compliance risk score based on vendor responses to GDPR, HIPAA, and CCPA-related controls.
  14. Write a contract clause summary specifying cybersecurity obligations, breach notification timeframes, and audit rights.
  15. Create a prompt to monitor third-party breach disclosures from threat intelligence feeds and dark web monitoring.
  16. Generate a red-yellow-green vendor risk status report for quarterly board review.
  17. Write an internal escalation memo for a vendor found non-compliant with encryption-at-rest requirements.
  18. Create a tracking table for all high-risk vendors and their open remediation items, control gaps, and follow-up dates.
  19. Generate a summary of vendor risk exposure related to remote access tools, VPNs, and unmanaged endpoints.
  20. Write a GenAI-assisted third-party risk questionnaire tailored for vendors handling PHI in the healthcare sector.

Threat Detection and Analysis

Created for SOC analysts using Generative AI to get assistance with the attack and investigation scenarios they encounter day to day.

  1. Analyze the following endpoint telemetry and identify any signs of command and control communication. Include MITRE ATT&CK mappings if applicable.
  2. Review these firewall logs and highlight indicators of port scanning or network reconnaissance.
  3. Generate a summary of potentially malicious PowerShell commands from these script execution logs.
  4. Compare these recent failed login attempts across multiple hosts. Determine if there is a brute-force pattern and suggest next steps.
  5. Based on this DNS query log, detect any domain generation algorithm (DGA) usage and provide supporting indicators.
  6. Summarize the signs of privilege escalation in the attached Windows Event logs and recommend detection improvements.
  7. Classify the following process execution tree into normal or suspicious behavior. Highlight potential lateral movement attempts.
  8. Correlate these SIEM alerts with known threat techniques. List possible attack chains and risk levels.
  9. Identify anomalous login behavior from these identity provider logs and suggest rule tuning to catch similar activity.
  10. Generate a timeline of events from the attached logs indicating a potential ransomware attack. Include TTPs and likely impact.
  11. Analyze the HTTP proxy logs and detect any signs of data exfiltration or beaconing activity.
  12. Using this cloud access log, determine if there’s an unauthorized privilege escalation via IAM misconfiguration.
  13. Review this set of alerts from the past 24 hours and prioritize them by threat severity. Justify the ranking.
  14. Detect signs of credential reuse across these multiple authentication attempts. Include user behavior indicators.
  15. Summarize findings from this EDR alert indicating suspicious DLL injection. Recommend immediate containment steps.
  16. Given the traffic pattern between internal systems and an external IP, determine if there is lateral movement and possible data staging.
  17. Provide an analysis of possible insider threats based on anomalous access to sensitive files in this log set.
  18. Compare logs from three endpoints and identify shared IOCs or attack behaviors indicating coordinated activity.
  19. Generate a visual representation (table or graph) of malicious activity timelines from these security logs.
  20. Explain the anomaly detection method used in this threat detection scenario and evaluate its effectiveness against known TTPs.

Threat Intelligence Correlation

Created for SOC analysts using Generative AI to enrich general threat intelligence with specifics that tighten alerting and surface the latest threats.

  1. Correlate these suspicious IP addresses with threat actor profiles using known threat intelligence feeds such as AlienVault OTX and VirusTotal.
  2. Summarize any overlaps between this internal alert and recent CISA KEV (Known Exploited Vulnerabilities) entries.
  3. Given these IOCs (IP, domain, SHA256), determine if they match any active APT campaigns in public threat intel reports.
  4. Analyze these SIEM alerts and enrich them with TTPs from MITRE ATT&CK based on matched indicators.
  5. Correlate the behavioral signatures from this EDR alert with known ransomware families in threat intelligence databases.
  6. Cross-reference these domains with AbuseIPDB and identify any classified as phishing, malware, or command and control servers.
  7. Using this endpoint alert, find associated threat actor groups and known campaigns that follow similar techniques.
  8. Review this suspicious file hash and summarize its behavior, classification, and threat score from public intelligence sources.
  9. Generate a threat context report for IP 45.9.148.210 using insights from VirusTotal, Unit 42, and commercial threat feeds.
  10. Create a structured table that maps detected IOCs to related CVEs and known exploit kits.
  11. Correlate these IOC matches with MITRE ATT&CK techniques and suggest possible defense evasion strategies used.
  12. Review the latest threat intelligence for LockBit and summarize IOCs that overlap with these alerts.
  13. Generate a cross-intelligence summary that correlates IOC reputation across MISP, Open Threat Exchange, and IBM X-Force.
  14. Given the email indicators from a suspected phishing campaign, enrich them with DNS reputation and historical threat actor usage.
  15. Summarize the threat actor tactics related to these fileless malware detections and map them to known APT groups.
  16. Create a timeline of threat activity by matching this endpoint behavior with public threat actor playbooks.
  17. Correlate these alerts from different endpoints to identify whether they belong to a coordinated multi-stage attack.
  18. Based on this endpoint alert, identify malware families with similar behaviors and attach relevant threat actor attribution.
  19. Review these network traffic anomalies and enrich them using known C2 infrastructure reported in recent threat intelligence reports.
  20. Summarize all correlated threat intelligence for the past week, focusing on top matched IOCs and affected internal assets.

User Behavior Analytics (UBA)

Crafted for SOC teams, security analysts, insider threat programs, and threat hunters using Generative AI to design and refine UBA detection use cases, anomaly investigations, and risk-based user profiling.

  1. Generate a UBA rule that detects abnormal login times for a user compared to their historical activity profile.
  2. Create a UBA alert scenario where an employee accesses an unusually large number of sensitive files in a short timeframe.
  3. Write a prompt to generate a risk score based on multiple factors like location mismatch, excessive file transfers, and failed logins.
  4. Simulate a detection case where a privileged user accesses R&D systems outside business hours for the first time in six months.
  5. Generate a UBA model that flags sudden spikes in SaaS application usage by an employee on extended leave.
  6. Create an incident narrative for an insider threat case triggered by UBA anomaly detection in file access patterns.
  7. Write a behavior-based alert that identifies VPN logins from new locations followed by access to critical finance systems.
  8. Generate a user peer group comparison analysis and flag behavioral outliers among software engineers.
  9. Create a prompt to summarize UBA anomalies involving access to terminated employee accounts.
  10. Write a timeline-based report where user behavior gradually shifts toward reconnaissance activities before data exfiltration.
  11. Generate a risk dashboard update summarizing top 10 anomalous user accounts across cloud and on-premise systems.
  12. Write a prompt to correlate anomalies in email usage with simultaneous USB activity on a user’s device.
  13. Create a GenAI prompt to simulate a phishing click followed by anomalous lateral movement detected by UBA tools.
  14. Generate a table mapping behavioral indicators like time-of-access, volume, and new device usage to risk levels.
  15. Write a policy update recommendation for integrating UBA alerts into insider threat escalation workflows.
  16. Simulate a case study where UBA detection prevented sabotage by a disgruntled IT admin.
  17. Generate a prompt to detect abnormal use of PowerShell and command-line tools by users without admin roles.
  18. Create a UBA audit report template that logs user identity, flagged anomalies, alerts triggered, and analyst disposition.
  19. Write a UBA scoring model where weights are assigned based on behavior deviation, access context, and device risk.
  20. Generate a weekly summary prompt for UBA tools that highlights newly detected user anomalies and resolution status.

Vulnerability Scanning and Prioritization

Crafted for cybersecurity experts using Generative AI to interpret scan results, assess vulnerability impact, automate prioritization, and generate remediation guidance based on CVSS scores, asset criticality, and exploitability trends.

  1. Summarize the results of this vulnerability scan and group findings by severity level using CVSS base scores.
  2. Based on this scan output, identify the top 5 critical vulnerabilities and explain the risk to business operations.
  3. Generate a prioritized remediation list for these vulnerabilities considering asset criticality, exposure level, and known exploits.
  4. Given this list of CVEs, classify each one as exploitable remotely, locally, or requiring user interaction, and prioritize accordingly.
  5. Analyze this scan report and identify vulnerabilities with available Metasploit modules or entries in the CISA Known Exploited Vulnerabilities (KEV) catalog.
  6. Create an executive summary of vulnerability risks for leadership, including affected systems and recommended timelines.
  7. Explain why CVE-2023-23397 is high priority in an enterprise environment and what makes it exploitable at scale.
  8. Compare two scan reports from consecutive months and highlight newly discovered high-impact vulnerabilities.
  9. Based on the following findings, which vulnerabilities qualify as high-risk under the NIST Cybersecurity Framework?
  10. Generate patching recommendations for all critical CVEs identified in this Qualys/Nessus scan.
  11. Write a business-friendly summary of unresolved vulnerabilities in the CRM environment and their potential financial impact.
  12. Correlate these CVEs with MITRE ATT&CK techniques to understand potential exploitation paths.
  13. Prioritize these vulnerabilities by combining CVSS scores with threat intelligence feeds indicating active exploitation.
  14. Review this scan from a healthcare IT environment and flag vulnerabilities that could impact HIPAA compliance.
  15. Identify legacy systems most exposed by this vulnerability scan and suggest compensating controls if patching is delayed.
  16. Create a table summarizing each vulnerability’s exploitability, asset criticality, patch availability, and suggested deadline.
  17. Generate a scriptable checklist of tasks to remediate the top 3 vulnerabilities from this scan using Windows Group Policy.
  18. Summarize third-party application vulnerabilities on user workstations and recommend patching cadence.
  19. Analyze the risks posed by out-of-date TLS configurations and weak cipher suites found in this scan.
  20. Identify vulnerabilities in this containerized environment and prioritize fixes based on workload sensitivity and external exposure.

Zero Trust Architecture Planning

Designed for security architects, CISOs, and network engineers using Generative AI to model, document, and assess components of a Zero Trust Architecture (ZTA). These prompts are aligned with guidance from NIST SP 800-207 and are tailored for both enterprise and hybrid cloud environments.

  1. Generate a high-level Zero Trust Architecture model for a mid-sized organization using identity, network, and workload segmentation.
  2. Create a Zero Trust adoption roadmap broken into phases: visibility, identity enforcement, network segmentation, and policy automation.
  3. Write a business case for Zero Trust implementation, including expected benefits, investment priorities, and risk reduction metrics.
  4. Draft a policy that enforces least privilege access and micro-segmentation in a Zero Trust environment.
  5. Generate a control matrix mapping Zero Trust principles to NIST SP 800-207 components such as policy engine, policy administrator, and enforcement points.
  6. Simulate a Zero Trust access scenario where a remote employee requests access to a financial system under dynamic risk evaluation.
  7. Write a technical design brief for integrating identity-based access control into Zero Trust using SSO, MFA, and JIT access.
  8. Generate a prompt to assess readiness for Zero Trust, identifying current gaps in device posture validation and continuous monitoring.
  9. Develop a Zero Trust policy framework for hybrid cloud access that includes workload identities and real-time threat scoring.
  10. Write a SOC workflow that responds to Zero Trust violations, such as lateral movement attempts or failed trust evaluation.
  11. Create a ZTA implementation checklist for enforcing user-to-app segmentation in a virtual desktop infrastructure (VDI) environment.
  12. Design a Zero Trust network strategy that replaces VPN-based remote access with continuous authentication and telemetry checks.
  13. Generate a plan to replace perimeter-based security controls with policy-based access enforcement across all endpoints.
  14. Simulate a breach scenario and show how Zero Trust policy enforcement limits blast radius and prevents data exfiltration.
  15. Write a CISO briefing on implementing Zero Trust with identity-first security, network segmentation, and endpoint health checks.
  16. Create a data flow diagram for Zero Trust enforcement across SaaS, PaaS, and on-premise applications.
  17. Develop a step-by-step guide to implement policy enforcement points (PEPs) in Zero Trust for email, storage, and apps.
  18. Write a risk assessment summary for legacy systems in the context of Zero Trust policy enforcement.
  19. Generate a communication plan for IT and business stakeholders to support the Zero Trust transition journey.
  20. Create a comparison table of Zero Trust vendors (e.g., Zscaler, Palo Alto, Cisco, Microsoft) and their ZTA capabilities.