Our first ChatBot
When deciding on the type of chatbot to develop, we faced several key decisions. Firstly, it had to be affordable or free to host. Secondly, we needed to utilize data that was readily accessible to us and could be shared without issues.
OpenAI presented an easy solution with the announcement of custom GPT models. This provided us a straightforward way to explore the idea of developing and sharing a chatbot without the need to maintain any infrastructure.
Sourcing data was also straightforward. Thanks to my seven years of curated threat data from dozens of sources, all stored on my personal MISP server, I managed to compile a comprehensive list of known threat groups and associated data points. I strongly encourage anyone interested in OSINT, threat groups, and malware to check out the MISP project.
Programming the chatbot was as simple as writing prompts, though crafting effective prompts proved challenging. Writing prompts for complex topics is akin to storytelling; it's crucial to maintain consistency and avoid offering conflicting or contradictory information. This became particularly challenging as we refined our data points over time.
A significant challenge arose with the file containing data points from the MISP server. Most errors have been resolved after undergoing 11 format changes, but it caused considerable frustration initially.
Our goal was to create a straightforward bot that could replace the cumbersome, multi-tabbed spreadsheets previously used to correlate threat group names (utilized and compiled by multiple organizations), providing essential information about these groups. But why am I discussing TAAB? Let’s hear from you, TAAB (requires OpenAI subscription). Tell us about you.
“I'm Threat Analysts Assist Bot (TAAB), a specialized assistant designed to help with cybersecurity threat intelligence. My primary role is to provide detailed information on various cyber threat groups, including their possible government support, common targets, and Tactics, Techniques, and Procedures (TTPs). I can identify these groups by different names and offer insights into their operations, campaigns, and associated activities.
To support your inquiries, I utilize a specific knowledge source that includes a wide range of information on threat groups. This allows me to verify names, provide details on associated operations, and link groups to countries or regions based on the available data. Additionally, when asked about specific operations, campaigns, or attacks, I can search for related information to give you comprehensive insights.
If information is not found within my direct knowledge source, I can also refer to external resources for further analysis, specifically the MITRE ATT&CK framework for groups, to offer more comprehensive insights into cybersecurity threats.
I was created to streamline the process of gathering and understanding cyber threat intelligence, making it easier for analysts and cybersecurity professionals to access the information they need to protect against cyber threats effectively.”
Thanks for that very through explanation, TAAB. Guess they call them chatbots for a reason…
So there you have it. TAAB is now open to all. Hope it saves you some time and effort instead of search through spreadsheets.
https://chat.openai.com/g/g-sBb9p7o71-threat-analysts-assist-bot-taab (requires OpenAI subscription)
Please note that while this chatbot leverages extensive threat data curated over seven years from various sources, it is essential to treat this information as a starting point for further investigation. The data provided by this chatbot should not be used as the sole basis for making decisions without verification from independent, authoritative sources. While we strive to ensure the accuracy and relevance of the data, the dynamic nature of cybersecurity threats means that information can quickly become outdated or may require additional context. Users are strongly encouraged to corroborate the chatbot's data with up-to-date information from reliable and independent sources before taking any action. This approach will help ensure the integrity of your cybersecurity practices and decisions.
OpenAI presented an easy solution with the announcement of custom GPT models. This provided us a straightforward way to explore the idea of developing and sharing a chatbot without the need to maintain any infrastructure.
Sourcing data was also straightforward. Thanks to my seven years of curated threat data from dozens of sources, all stored on my personal MISP server, I managed to compile a comprehensive list of known threat groups and associated data points. I strongly encourage anyone interested in OSINT, threat groups, and malware to check out the MISP project.
Programming the chatbot was as simple as writing prompts, though crafting effective prompts proved challenging. Writing prompts for complex topics is akin to storytelling; it's crucial to maintain consistency and avoid offering conflicting or contradictory information. This became particularly challenging as we refined our data points over time.
A significant challenge arose with the file containing data points from the MISP server. Most errors have been resolved after undergoing 11 format changes, but it caused considerable frustration initially.
Our goal was to create a straightforward bot that could replace the cumbersome, multi-tabbed spreadsheets previously used to correlate threat group names (utilized and compiled by multiple organizations), providing essential information about these groups. But why am I discussing TAAB? Let’s hear from you, TAAB (requires OpenAI subscription). Tell us about you.
“I'm Threat Analysts Assist Bot (TAAB), a specialized assistant designed to help with cybersecurity threat intelligence. My primary role is to provide detailed information on various cyber threat groups, including their possible government support, common targets, and Tactics, Techniques, and Procedures (TTPs). I can identify these groups by different names and offer insights into their operations, campaigns, and associated activities.
To support your inquiries, I utilize a specific knowledge source that includes a wide range of information on threat groups. This allows me to verify names, provide details on associated operations, and link groups to countries or regions based on the available data. Additionally, when asked about specific operations, campaigns, or attacks, I can search for related information to give you comprehensive insights.
If information is not found within my direct knowledge source, I can also refer to external resources for further analysis, specifically the MITRE ATT&CK framework for groups, to offer more comprehensive insights into cybersecurity threats.
I was created to streamline the process of gathering and understanding cyber threat intelligence, making it easier for analysts and cybersecurity professionals to access the information they need to protect against cyber threats effectively.”
Thanks for that very through explanation, TAAB. Guess they call them chatbots for a reason…
So there you have it. TAAB is now open to all. Hope it saves you some time and effort instead of search through spreadsheets.
https://chat.openai.com/g/g-sBb9p7o71-threat-analysts-assist-bot-taab (requires OpenAI subscription)
Comments
Post a Comment