Three use cases of Large Language Models (LLMs) to save time and immediately enhance productivity
While there is tremendous hype around LLMs, many people in Cybersecurity are still struggling to put news tools like ChatGPT and Google Bard to practice. This is a brief article to discuss use cases that will save time and quickly enhance your productivity in carrying out common tasks.
- Create Bash Scripts to automate Cyber Security tasks
- Super fast SIEM use cases development
- Assistance in Security Awareness Program
Use Case 1: Automate Cybersecurity Tasks with bash Scripts
Many Cybersecurity professionals need automating simple tasks using scripts that would otherwise take a large amount of time and work. ChatGPT can create bash shell scripts quickly that you can adapt to your needs. Let us assume your policy requires disabling username/password authentication to SSH and allows only key based authentication. The following example shows how ChatGPT creates a script to accomplish it on a large number of servers. Carefully take a look at the prompt and response
User Prompt
“create a bash shell script that to check if SSH login using username and password is enabled on a large number of Linux servers. Assume key based login is enabled on these servers for a user with username “super_secret_admin”. The list of server IP addresses is stored in a file servers.txt, one IP address per line.”
ChatGPT Response
“To check if SSH login using a username and password is enabled on a list of Linux servers where key-based login is enabled for the user “super_secret_admin,” you can use a Bash script that reads the list of server IP addresses from a file and remotely checks the SSH server configuration for the “super_secret_admin” user. Here’s a sample script for this task:
#!/bin/bash
# Specify the path to the file containing server IP addresses
server_list_file="servers.txt"
# Specify the SSH username (super_secret_admin user)
ssh_user="super_secret_admin"
# Function to check if SSH password authentication is enabled for the super_secret_admin user
check_ssh_password_auth() {
server_ip="$1"
ssh_config_file="/etc/ssh/sshd_config"
# Use SSH to remotely fetch the SSH server configuration
ssh_config=$(ssh -o BatchMode=yes -o ConnectTimeout=5 "$ssh_user@$server_ip" "cat $ssh_config_file")
# Check if PasswordAuthentication is set to yes in the sshd_config
if [[ "$ssh_config" =~ "PasswordAuthentication yes" ]]; then
echo "SSH password authentication is enabled for $ssh_user on $server_ip."
else
echo "SSH password authentication is not enabled for $ssh_user on $server_ip."
fi
}
# Main script
if [ -f "$server_list_file" ]; then
while read -r server_ip; do
echo "Checking SSH configuration on $server_ip..."
check_ssh_password_auth "$server_ip"
done < "$server_list_file"
else
echo "Server list file not found."
fi
Replace “super_secret_admin” with the appropriate SSH username you want to check for password authentication.
Ensure that the SSH key of the machine running this script has access to the servers you are checking. The script reads server IP addresses from the servers.txt file, one per line, and then connects to each server to check the sshd_config file for the presence of “PasswordAuthentication yes” for the “super_secret_admin” user to determine if password authentication is enabled.
You can run this script with the command bash script.sh. It will check each server listed in the servers.txt file.
Make sure you have the necessary permissions and approvals to perform remote checks on these servers.“
Here is a partial screenshot of this prompt and response.
Note that you can fine tune the prompt if the result does not meet your needs. Also note that you still need knowledge of Bash scripting to make sure the generated script meets your needs and that you are able to make manual fine tuning to the script, if needed. ChatGPT is your assistant, not your replacement!
Use Case 2: Super Fast SIEM Use Case Development
LLM tools are also very useful to quickly fine tune SIEM rules and enhance detection capabilities in Security Operations Centers (SOC). The following simple example shows how quickly ChatGPT created Splunk code for detecting directory traversal attacks.
The next screenshot shows Google Bard response to the same prompt with a different answer.
Use of these tools can greatly enhance speed of SIEM tuning and detection capability. The work that usually needs days can be accomplished in hours.
Use Case 3: Assistance in Security Awareness Program
Writing good communication is an art and many of us in the Cybersecurity field are not very skillful in written communication. Fortunately now we have ChatGPT to come to our assistance. Please see the following prompt and response in crafting a communication to your specific audience.
User Prompt
“Craft a brief email for executive management team members highlighting importance of security awareness month and actions that the board should take during this month.”
ChatGPT Response
“Subject: Security Awareness Month: Enhancing Our Organization’s Resilience
Dear Members of the Executive Management Team,
I trust this message finds you well. As we usher in Security Awareness Month, I want to underscore the critical importance of this initiative and outline the actions that our Board of Directors should consider to reinforce our commitment to cybersecurity.
Security Awareness Month serves as a yearly reminder of the dynamic and ever-evolving nature of security risks within our industry. It is a timely opportunity to focus our efforts on strengthening our organization’s security posture. To this end, I recommend the following actions for our Board’s consideration during this month:
1. **Increased Employee Vigilance**: Encourage all staff to maintain a heightened level of awareness when it comes to security threats. The mantra “See something, say something” should be reinforced throughout our organization.
2. **Education and Training**: Support and participate in security awareness training sessions for our employees. Highlight the importance of robust password management, data protection, and secure online practices.
3. **Policy and Procedure Review**: Conduct a thorough examination of our existing security policies and procedures. Identify areas where revisions or improvements are needed to address emerging threats.
4. **Incident Response Simulation**: Consider organizing a tabletop exercise to test our incident response plan. Ensure that all Board members and key staff are well-prepared in the event of a security incident.
5. **Expert Insights**: Explore the possibility of inviting external security experts to provide insights on emerging threats and best practices in security. Their perspective can be invaluable in fortifying our defenses.
6. **Stakeholder Communication**: Maintain transparent communication with our stakeholders, including customers and partners, regarding our dedication to security and the measures we are implementing to safeguard their data.
7. **Resource Allocation**: Evaluate and approve the allocation of necessary resources for our security initiatives. Invest in technologies and training programs that enhance our ability to mitigate threats effectively.
8. **Regular Updates**: Ensure that our Board members are well-informed about the progress of our security initiatives and receive regular reports on security-related incidents and trends.
By collectively embracing these actions during Security Awareness Month, we will not only strengthen our resilience against potential security threats but also reinforce our unwavering commitment to the security of our organization and the trust of our stakeholders.
Your support and involvement in these efforts are invaluable. Thank you for your commitment to the security and success of our organization.
Best regards,
[Your Name]
[Your Title]
[Your Contact Information]”
Let us say this text is too long for your purpose. A follow-up prompt, as shown below, makes it much shorter.
Using LLM tools as your assistance in a security awareness program is a great help.
Check Your Corporate Policy for LLM Use
Before using LLM tools, check your corporate policy. The tool may store your prompts and use them to enhance capabilities of the model. If you put any sensitive information in the prompt, it may result in unintentional data leakage. Use these tools with caution and in accordance with your corporate policies.
Recent Posts
- GenAI Risk Categories
- Ten Best Practices for Cybersecurity Risk Management
- Run LLM Models on Macbook – Part II
- Post-Quantum Cryptography Resources
- Run LLM Models on a Macbook