Welcome to our series on OpenAI and Microsoft Sentinel! Large language models, or LLMs, such as OpenAI's GPT3 family are taking over the public imagination with innovative use cases such as text summarization, human-like conversation, code parsing and debugging, and many other examples. We've seen ChatGPT write screenplays and poetry, compose music, write essays, and even translate computer code from one language to another. What if we could harness some of this incredible potential to help incident responders in a Security Operations Center? Well, we sure can - and it's easy! Microsoft Sentinel already includes a built-in connector for OpenAI GPT3 models that we can implement in automated playbooks powered by Azure Logic Apps. These powerful workflows are easy to write and integrate into SOC operations. Today we'll take a look at the OpenAI connector and explore some of its configurable parameters using a simple use case: describing the MITRE ATT&CK tactics associated with a Sentinel incident.

Before we get started, let's cover a few prerequisites:

- If you don't already have a Microsoft Sentinel instance, you can create one using a free Azure account and follow the Sentinel onboarding quickstart.
- We'll use pre-recorded data from the Microsoft Sentinel Training Lab to test our playbook.
- You'll also need a personal OpenAI account with an API key for the GPT3 connection.
- I would also strongly recommend checking out Antonio Formato's excellent blog on incident handling with ChatGPT and Sentinel, where Antonio introduces a very useful multipurpose playbook that has become the reference for almost every implementation of OpenAI's models in Sentinel to date.

We will start with a basic Incident-triggered playbook (Sentinel > Automation > Create > Playbook with incident trigger). Select a subscription and resource group, add a playbook name, and move to the Connections tab. You should see Microsoft Sentinel with one or two authentication options - I'm using Managed Identity in this example - but if you don't have any connections yet, you'll be able to add the Sentinel connection in the Logic App Designer as well. Review and create the playbook, and after a few seconds, the resource will deploy successfully and bring us to the Logic App Designer canvas.

Click on "New step" and type "OpenAI" in the search box. You'll see the connector in the top pane and two actions below it: "Create an Image" and "GPT3 Completes your prompt". Choose "GPT3 Completes your prompt". You'll then be asked to create a connection to the OpenAI API in the following dialog. If you don't have one already, create a secret key on and be sure to save it in a secure location! Make sure to follow the instructions exactly when adding your OpenAI API key - it expects the word "Bearer", followed by a space, then the secret key itself.

Success! We now have our GPT3 text completion action ready for our prompt. We wanted to ask the AI model to explain the MITRE ATT&CK tactics and techniques associated with a Sentinel incident, so let's write a simple prompt using dynamic content to insert the incident tactic(s) from Sentinel. We're almost done! Save the logic app and head over to a Microsoft Sentinel incident to give it a test run.
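To make the two pieces the designer hides behind clicks explicit, here is an added stand-alone model (editor's example, not code from the post or from the OpenAI connector) of what the playbook does: it reads the tactics from the incident trigger payload along the same path the dynamic-content picker exposes, renders the prompt, and builds the request headers, rejecting a connection value that is not exactly "Bearer", a space, then the key. The trigger payload below is a constructed sample, and the completions endpoint, model name and request body fields are assumptions about the OpenAI API rather than anything the post documents.

```python
"""Model of the playbook's prompt and connection steps (added example).
The payload shape, endpoint and model name are assumptions, not from the post."""
import re

# Constructed sample of the Sentinel incident-trigger body; only the fields this
# example reads are present, with placeholders instead of real resource ids.
SAMPLE_TRIGGER_BODY = {
    "object": {
        "id": "/subscriptions/<sub>/.../Microsoft.SecurityInsights/Incidents/<guid>",
        "properties": {
            "title": "Suspicious credential dump",
            "severity": "High",
            "additionalData": {"tactics": ["CredentialAccess", "LateralMovement"]},
        },
    }
}

def incident_tactics(trigger_body: dict) -> list:
    """Same path as the designer expression
    triggerBody()?['object']?['properties']?['additionalData']?['tactics']
    (assumed shape); missing keys yield an empty list instead of a failure."""
    props = trigger_body.get("object", {}).get("properties", {})
    return list(props.get("additionalData", {}).get("tactics") or [])

def build_prompt(trigger_body: dict) -> str:
    """Render the prompt with the incident tactics inserted as dynamic content."""
    tactics = incident_tactics(trigger_body)
    title = trigger_body.get("object", {}).get("properties", {}).get("title", "")
    if not tactics:
        # Edge case: Sentinel incidents are not guaranteed to carry tactics.
        return f"No MITRE ATT&CK tactics were recorded for the incident '{title}'."
    return ("Explain the MITRE ATT&CK tactics and likely techniques associated "
            "with a Microsoft Sentinel incident whose tactics are: "
            + ", ".join(tactics) + ".")

def auth_header(connection_value: str) -> dict:
    """The connector expects literally 'Bearer', one space, then the secret key;
    anything else is refused here rather than sent as a malformed header."""
    if not re.fullmatch(r"Bearer \S+", connection_value):
        raise ValueError("connection value must be 'Bearer <secret key>'")
    return {"Authorization": connection_value, "Content-Type": "application/json"}

def build_completion_request(trigger_body: dict, connection_value: str,
                             model: str = "text-davinci-003") -> dict:
    """Assemble (but do not send) the GPT3 text completion call."""
    body = {"model": model, "prompt": build_prompt(trigger_body),
            "max_tokens": 300, "temperature": 0.2}
    return {"url": "https://api.openai.com/v1/completions",  # assumed endpoint
            "headers": auth_header(connection_value), "json": body}
```

The returned dict can be handed to `requests.post(**req)` once a real key is supplied; keep the key out of run history and logs.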