-
Notifications
You must be signed in to change notification settings - Fork 12
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add example OpenAI wrapper analytic for ranking suspicious processes #26
Add example OpenAI wrapper analytic for ranking suspicious processes #26
Conversation
f4814b0
to
a9deefb
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nice!
Would you want to provide a screenshot for people to quickly make sense of this analytics?
And is it helpful to give a little more detailed instructions in the prompt about which field/attribute for GPTs to focus on, e.g., name
and command_line
to help it finish its job?
Thanks for the review @subbyte ! Here is a screenshot of the analytic applied to a list of processes as extracted from another example huntbook, with the original prompt from this PR: |
Cool! Could we have the screenshot as a file like And it looks like GPT just grab all processes from the JSON and try to rank them, not understand the variable (in this test) only has one process and all other processes are related ones such as parent process---this requires the understanding of the attributes in the exported JSON, which may requires few shots examples to help the LLM. Anyway, a good starting point, and it is great to see that GPT gives some ideas how these processes can be used in an attack. |
Thanks! I will follow-up soon with the improvement you proposed |
The goal of this analytic is to offer a base for prompting an OpenAI model (here ChatGPT) to rank suspicious processes given in the input dataframe.