Add example OpenAI wrapper analytic for ranking suspicious processes #26
Conversation
|
|
mayaCostantini
force-pushed
the
openai-wrapper
branch
from
f4814b0
to
a9deefb
Compare
There was a problem hiding this comment.
Nice!
Would you want to provide a screenshot for people to quickly make sense of this analytics?
And is it helpful to give a little more detailed instructions in the prompt about which field/attribute for GPTs to focus on, e.g., name and command_line to help it finish its job?
|
Thanks for the review @subbyte ! Here is a screenshot of the analytic applied to a list of processes as extracted from another example huntbook, with the original prompt from this PR: |
|
And as suggested, here is the result when asking the model to focus on the The answer looks indeed more useful with the new prompt, so I will change it. |
|
Cool! Could we have the screenshot as a file like And it looks like GPT just grab all processes from the JSON and try to rank them, not understand the variable (in this test) only has one process and all other processes are related ones such as parent process---this requires the understanding of the attributes in the exported JSON, which may requires few shots examples to help the LLM. Anyway, a good starting point, and it is great to see that GPT gives some ideas how these processes can be used in an attack. |
|
Thanks! I will follow-up soon with the improvement you proposed |
The goal of this analytic is to offer a base for prompting an OpenAI model (here ChatGPT) to rank suspicious processes given in the input dataframe.