As a highly capable AI language model, ChatGPT has the potential to revolutionize the way security teams approach their daily tasks. In this blog, we explore six creative ways that ChatGPT can assist and enhance the work of cybersecurity professionals, making their job easier and more effective.

1. Simplify SIEM Query Writing with ChatGPT

With ChatGPT, you can simply type in whatever you want in the blog.

ChatGPT makes it effortless to write SIEM queries, just type in your desired information and it will output the query for you.

As a demonstration, let’s examine a Splunk example:

Write a regular expression in Splunk to filter ip

Chatgpt splunk query

Another example is generating a sentinel query.

Write a sentinel query to identify the number of active logon failures for users within 24 hour period.

chatgpt for sentinel

2. Generate Security Detections

Using ELK (Elasticsearch, Logstash, and Kibana) to generate security detections can be done easily using ChatGPT.

Write ELK query to detect registry change

ChatGPT for ELK

write a splunk query to detect command and control beaconing activity using subdomain DNS requests

chatgpt for beaconing detection

3. Write Security Policies

Writing a comprehensive security policy can be a time-consuming and complex process. There are many elements to consider, such as risk assessments, threat modeling, incident response procedures, and more. However, by leveraging the power of advanced artificial intelligence technology, such as ChatGPT, this process can be simplified and streamlined. ChatGPT can assist in generating policy content, as well as assist in reviewing and refining existing policies, to ensure that they are up-to-date, comprehensive, and effective in protecting the organization.

write a data security policy for my organization of 500 employees

chatgpt for security policy

4. Identify Vulnerabilities

Vulnerability management is a critical aspect of any organization’s cybersecurity strategy. Cyber criminals are always on the lookout for vulnerabilities in systems, applications, and networks that they can exploit to gain unauthorized access. The earlier a vulnerability is discovered, the easier it is to fix it. However, finding and fixing vulnerabilities can be a tedious and time-consuming process for IT teams, especially for large organizations with multiple systems and applications to manage. ChatGPT can be a useful tool to simplify this process. With its advanced natural language processing capabilities, ChatGPT can assist IT teams in quickly identifying potential vulnerabilities and providing recommendations for remediation.

In the following example, we gave GPT code examples, and asked What’s wrong with this piece of code?

Chatgpt for vulnerability Chatgpt for vulnerability

5. Write Automation Scripts for Daily Operations

Automation script is useful but writing automation scripts right takes time. With ChatGPT’s advanced capabilities, it can quickly generate code based on your requirements and reduce the amount of time you need to spend on writing scripts.

Generate a Powershell script for Malware scanning on a list of computers.

chatgpt for automation scripts

Generate a bash script that automates port scanning with Nmap

chatgpt for nmap automation script

6. Assist Incident Response

The complexity of security alerts can often lead to confusion and a feeling of being overwhelmed. However, with the help of GPT, this problem can be greatly reduced. By using GPT, you can receive suggestions on how to handle security investigations, threat hunting, or summarizing security issues. These suggestions are based on the vast knowledge and information that GPT has been trained on, making it a valuable asset for anyone dealing with security alerts. Whether you are a security analyst, engineer, or administrator, having the ability to quickly and effectively respond to security incidents can greatly improve your overall security posture. So, incorporating ChatGPT into your security toolkit can not only simplify the process but also provide you with a more comprehensive solution to address security alerts

For example, here is a suspicious alert

chatgpt suspicious alert

You can ask ChatGPT to provide suggestions.

Can you write a report on this and suggest additional eveidence to collect with details?

chatgpt for security alert investigation chatgpt for security alert investigation chatgpt for security alert investigation

And take a step further, you can ask it to automate the response for you.

Generate the script to Get Malicious IPs from SIEM and Block it on my Firewall

automate response

 

When you are ready, here are three things we can help

1. Check out DTonomy Security Copilot and join Discord channel to learn more.





2. With DTonomy Automation, you can easily integrate GPT capabilities into your workflow to streamline your security operations. Simply implement GPT when you are ready, and experience the simplicity and efficiency of automating your security tasks. Here is a demonstration to give you an idea of how it works.

Step 1: Pull vulnerability information from CrowdStrike Spotlight

Step 2: Ask ChatGPT, “Here is a vulnerability. Summarize it and provide detailed instructions on how to remediate this vulnerability:”

automate GPT suggestion for vulnerability
Step 3: Update tickets with GPT Recommended Remediation for Vulnerability.
GPT Recommended Remediation

3. Leverage DTonomy’s Security Orchestration and Automation Response platform to help you streamline SOC analysis and response procedures.

We are pleased to announce that DTonomy is now part of Stellar Cyber. The integrated solution will enhance cyber threat detection and response automation!

X