Recently, I posted a sure-fire method, a Shortcut Way to Create XPath Queries for Microsoft Sentinel DCRs. This works great; however, with all the hubbub around ChatGPT and Generative AI, it sure would be nice if these queries could be created on the fly with a few simple questions.
Well, they can - but for now, you have to be very specific in how you ask. If you ask without specifying the type you want, it assumes you want an SQLXML query.
Choose the appropriate type of XPath query you want when you ask:
Windows XPath query, or…
Syslog XPath query
The image example above shows the result of my question, but some tweaking still has to be done. The actual XPath query I want is:
Application!*[Application[EventID=16384]]
So, it’s close.
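Because a generated query still needs tweaking, it is worth running a quick shape check on it before pasting it into a DCR. The following is an added example, not code from the original post; it assumes the Windows event XPath shape documented for Azure Monitor DCRs, `Channel!*[System[(...)]]`, with the EventID filter inside the System element.

```python
import re

# Added example (not from the original post). Assumes the Azure Monitor DCR
# Windows event XPath shape "<Channel>!*[System[(<predicate>)]]".
_CHANNEL = re.compile(r"^[A-Za-z0-9_\-/ ]+$")          # e.g. Application, Microsoft-Windows-Sysmon/Operational
_PREDICATE = re.compile(r"^\*\[System\[\((.+)\)\]\]$")  # *[System[( ... )]]
_EVENT_ID = re.compile(r"EventID=(\d+)")


def check_dcr_xpath(query: str) -> dict:
    """Validate a generated DCR XPath query and report what it would collect.

    Returns {"ok": bool, "channel": str | None, "event_ids": [int], "reason": str}.
    """
    if "!" not in query:
        return {"ok": False, "channel": None, "event_ids": [],
                "reason": "missing '!' between channel name and XPath"}
    channel, _, xpath = query.partition("!")
    if not _CHANNEL.match(channel):
        return {"ok": False, "channel": channel, "event_ids": [],
                "reason": "channel name contains unexpected characters"}
    m = _PREDICATE.match(xpath)
    if not m:
        return {"ok": False, "channel": channel, "event_ids": [],
                "reason": "predicate is not of the form *[System[(...)]]"}
    event_ids = [int(x) for x in _EVENT_ID.findall(m.group(1))]
    if not event_ids:
        return {"ok": False, "channel": channel, "event_ids": [],
                "reason": "no EventID filter found; query would collect the whole channel"}
    return {"ok": True, "channel": channel, "event_ids": event_ids, "reason": ""}


if __name__ == "__main__":
    # Constructed sample queries, in the shape a chat assistant might return.
    for q in ["Application!*[System[(EventID=16384)]]",
              "Security!*[System[(EventID=4624 or EventID=4625)]]",
              "Application!*[(EventID=16384)]"]:
        print(q, "->", check_dcr_xpath(q))
```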
The Bing Chat component is not quite up to speed on this yet, but my own chatbot in Azure OpenAI works well, and after a bit of additional model training, it should be golden.
Google’s Bard, on the other hand, leaves a lot more work left undone.
I’m also happy to hear your experiences with this. Your feedback could help drive better accuracy.
I’m chest-deep in working on figuring out the best ways to secure AI these days. It’s become my area of focus on my team. You can keep track of what I’m working on here: https://github.com/rod-trent/OpenAISecurity