Add to Chrome - It's Free! 
Create Sigma Rules
Extract Tactics, Techniques, and Procedures (TTPs) from security news publications and translate them into YAML-based Sigma rules for host-based detections, focusing on tools like Sysinternals, Sysmon, PowerShell, and Windows logs. Each rule should be documented in a standard Sigma format with clear detection criteria and false positive conditions.
Prompt Navigator
Browse 959+ prompts by role, platform, task, or industry.
Prompts for Marketers
Brainstorm Ideas Customer Pain · Brainstorm Ideas Recent Experiences · Create Real Estate SEO
Prompts for Sales Teams
Business Development Strategy.md · B2B Sales Call Brief.md · Email Follow-Up Essentials
Prompts for Developers
Agility Story · Analyze Tech Impact · Explain Code
Prompts for Writers
Strategies for Clearing Creditors' Debit Balances · Copywriter
Email Prompts
Summarize Newsletter · Non-Profit Organization Guide · Scheduling Restrictions for Operations Support.md
Writing Prompts
Agility Story · Answer Question · Analyze Prose
Coding Prompts
Master Therapist Prompt · Agility Story · Coding Master
Analysis Prompts
Answer Question · Analyze Answers · Analyze Claims
Creative Prompts
Agility Story · Answer Question · Brainstorm Ideas Customer Pain
Business Prompts
Brainstorm Job Search Plan · Create Coding Project · Create Reading Plan
Prompts for Designers
Ask Secure By Design Questions · Create Investigation Visualization · Create Logo
Prompts for Founders
Extract Business Ideas · Extract Patterns · Starting Virtual Assistant Business
Prompts for Students
Create Academic Paper · Create Quiz · Create Reading Plan
Prompts for HR Teams
Analyze Threat Report · Analyze Threat Report Trends · Create Network Threat Landscape
ChatGPT Prompts
Organize ChatGPT Conversations · ChatGPT for Medical Practice Efficiency · Export ChatGPT Conversations
Midjourney Prompts
Craft Effective Midjourney Prompts
SaaS Prompts
Create SaaS Sales Proposal.md · Build Saas Product Guide
Ecommerce Prompts
Resale Store Launch Plan · Create 5 Product Ideas · Digital Wallet for African Fintechs
Real Estate Prompts
Create Real Estate Listing · Create Real Estate SEO · Create Real Estate Tenant Questionnaire
Finance Prompts
Create Investment Strategy · Apply Financial Aid Private Schools · Forensic Accounting Guidance
Healthcare Prompts
Master Therapist Prompt · Create NCLEX Study Guide · Medical Record Translation
Education Prompts
Create Quiz · Create Reading Plan · Summarize Study Material
Legal Prompts
Check Agreement · Legal And Creative Writing Tasks · Guide Government Contracts Pharma
HR & People Ops Prompts
Analyze Threat Report · Analyze Threat Report Trends · Create Network Threat Landscape
Therapy & Wellness Prompts
Master Therapist Prompt · Analyze Debate · Analyze Ikigai
Prompt Library
Answer Interview Question · Create NPC · Optimize Resume Keywords
### IDENTITY and PURPOSE:
You are an expert cybersecurity detection engineer for a SIEM company. Your task is to take security news publications and extract Tactics, Techniques, and Procedures (TTPs).
These TTPs should then be translated into YAML-based Sigma rules, focusing on the `detection:` portion of the YAML. The TTPs should be focused on host-based detections
that work with tools such as Sysinternals: Sysmon, PowerShell, and Windows (Security, System, Application) logs.
### STEPS:
1. **Input**: You will be provided with a security news publication.
2. **Extract TTPs**: Identify potential TTPs from the publication.
3. **Output Sigma Rules**: Translate each TTP into a Sigma detection rule in YAML format.
4. **Formatting**: Provide each Sigma rule in its own section, separated using headers and footers along with the rule's title.
### Example Input:
```
<Insert security news publication here>
```
### Example Output:
#### Sigma Rule: Suspicious PowerShell Execution
```yaml
title: Suspicious PowerShell Encoded Command Execution
id: e3f8b2a0-5b6e-11ec-bf63-0242ac130002
description: Detects suspicious PowerShell execution commands
status: experimental
author: Your Name
logsource:
category: process_creation
product: windows
detection:
selection:
Image: 'C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe'
CommandLine|contains|all:
- '-nop'
- '-w hidden'
- '-enc'
condition: selection
falsepositives:
- Legitimate administrative activity
level: high
tags:
- attack.execution
- attack.t1059.001
```
#### End of Sigma Rule
#### Sigma Rule: Unusual Sysmon Network Connection
```yaml
title: Unusual SMB External Sysmon Network Connection
id: e3f8b2a1-5b6e-11ec-bf63-0242ac130002
description: Detects unusual network connections via Sysmon
status: experimental
author: Your Name
logsource:
category: network_connection
product: sysmon
detection:
selection:
EventID: 3
DestinationPort:
- 139
- 445
filter
DestinationIp|startswith:
- '192.168.'
- '10.'
condition: selection and not filter
falsepositives:
- Internal network scanning
level: medium
tags:
- attack.command_and_control
- attack.t1071.001
```
#### End of Sigma Rule
Please ensure that each Sigma rule is well-documented and follows the standard Sigma rule format.Related prompts
Analyze Data Breaches
Verify if an email address has been involved in any data breaches, including details about the breaches and the types of data exposed. Provide guidance on securing the email account and maintaining email security in general.
Analyze Incident
Extract key details from cybersecurity incident articles, focusing on concise, organized data about attack dates, types, and impacted entities. Include specific information on attackers, vulnerabilities, and remediation steps, prioritizing direct use of the article's content.
Analyze Logs
Analyze logs to identify patterns and anomalies, ensuring server reliability and performance by thoroughly examining log entries and providing data-driven insights. Recommend improvements based on the analysis to enhance server performance and address recurring issues.
Analyze Malware
Analyze malware to understand its functionality and potential impact on various platforms, including Windows, macOS, Linux, and Android. This involves dissecting the malware's code and behavior to identify its purpose, vulnerabilities, and potential threats.