Playbooks to capture AI prompts

Question

Hi All,We’re experimenting with ways to make Gemini even more useful for our SOC analysts during triage and investigation. While the AI-generated summaries are impressive, we’ve found that the sheer volume and complexity of information can sometimes slow analysts down when they’re trying to extract key insights quickly.To help with this, we’re thinking of building a set of lightweight, targeted playbooks that analysts can use to pull specific, actionable information from alerts or incidents. The idea is to streamline the process and reduce cognitive load during high-pressure moments.Here are a few prompt examples we’re considering:Extract all relevant entities (IP addresses, usernames, file hashes, domains, timestamps)Categorize entities by type (network, user, host, file)Assess potential false positives and explain the reasoningWe’ve got more ideas in the pipeline, but we’re starting small and plan to iterate based on feedback and results.If anyone has experience with similar implementations or can point us to helpful documentation or best practices, we’d love to hear from you!Thanks in advance!

ylandovskyy · Accepted Answer

is there a way to use the SecOps Gemini rather than another 3rd party AI app?

Not as of now, but we have in the plans to add support for "Ask Gemini" action in Google Chronicle integration. Can't give an ETA for it, yet.

mikewilusz · Answer

is there a way to use the SecOps Gemini rather than another 3rd party AI app?

I have an unofficial integration that leverages the excellent work by the team on the SecOps Wrapper SDK and ported some of those to be actions in playbooks. One of those is the ability to query Gemini in SecOps directly from a playbook: https://github.com/pilot006/google-secops-unofficial-wrapper-sdk-soar-integration

-mike

Reply

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded