Example Prompts for AI Assist
This section provides example prompts to help you create custom code using the AI Assist feature. You can create and insert custom code on Action Nodes and Condition Node.
Note
The following example responses are for representation purposes only.
Generate Python Code to Parse JSON Alert
Prompt: Write a Python function to parse important details from an SIEM JSON alert.
Response:
import json def script_function(json_alert): # Parse important details from the SIEM JSON alert alert_id = json_alert.get('id') alert_type = json_alert.get('type') alert_timestamp = json_alert.get('timestamp') alert_source = json_alert.get('source') alert_destination = json_alert.get('destination') alert_description = json_alert.get('description') # Return the parsed details return alert_id, alert_type, alert_timestamp, alert_source, alert_destination, alert_description
Description:
This function can be used to simplify the process of extracting specific pieces of alert information received from SIEM tools in JSON format by encapsulating the extraction process into a single function call. For example, you can call this function when you receive an alert in JSON format in the playbook node output, and it will return the relevant details, making it easier to work with the data with the rest of the playbook workflow.
alert_id: Extracts the value associated with the key id from the json_alert object.
alert_type: Extracts the value associated with the key type from the json_alert object.
alert_timestamp: Extracts the value associated with the key
timestamp
from the json_alert object.alert_source: Extracts the value associated with the key source from the json_alert object.
alert_destination: Extracts the value associated with the key destination from the json_alert object.
alert_description: Extracts the value associated with the key description from the json_alert object.
Generate Python Code to Convert Data Formats
Prompt: Write a function to extract and convert data formats (JSON) from structure A to structure B. Make the extraction function generic, and do not hardcode any values. Add all imports needed.
structure a { "entities": "{\"Ryuk\": \"malware\"}", "code": 1200, "status": "ok", "reason": "Success" } structure b { "malware": "Zeus" }
Response:
import json def extract_data(structure): entities = json.loads(structure["entities"]) malware = entities["Zeus"] return {"malware": malware} def script_function(): structure_a = { "entities": "{\"Zeus\": \"malware\"}", "code": 1200, "status": "ok", "reason": "Success" } structure_b = extract_data(structure_a) return structure_b
Description:
The script_function extracts specific data related to the Zeus malware entity from a dictionary structure_a and returns it in a new dictionary with the key malware. The code uses the json module to work with the entities key, which is expected to contain a JSON string representing a dictionary. This is a simple example of data extraction from a structured dictionary.
Generate Python Function to Chunk List Items
Prompt: Write a function to chunk a list of items based on a max chunk size. Return a list of lists.
Response:
def script_function(items, max_chunk_size): chunked_list = [] for i in range(0, len(items), max_chunk_size): chunked_list.append(items[i:i+max_chunk_size]) return chunked_list
Description:
This function is useful when you need to process a large list in smaller, manageable portions, especially when dealing with data that can be too large to handle all at once. By using this function, you can break down the data into chunks and process each chunk separately.
Generate Python Function to Verify Timestamps
Prompt: Write a condition function to check if a given timestamp is older than 24 hours, if it is return true, else return false
Response:
def script_function(timestamp): import datetime def is_older_than_24_hours(timestamp): current_time = datetime.datetime.now() time_difference = current_time - timestamp if time_difference.total_seconds() > 24 * 60 * 60: return True else: return False return is_older_than_24_hours(timestamp)
Description:
This code defines a function that checks whether a given timestamp is older than 24 hours by comparing it to the current time. It encapsulates this logic within the nested function is_older_than_24_hours, making it reusable and easy to understand.
Generate Python Function to Convert Timestamps
Prompt: Write a function to convert timestamps to YYYY-MM-DD:HH
Response:
def script_function(timestamp): import datetime datetime_obj = datetime.datetime.fromtimestamp(timestamp) formatted_datetime = datetime_obj.strftime("%Y-%m-%d:%H") return formatted_datetime
Description:
This code converts a Unix timestamp into a human-readable date and time string and returns it. The format of the resulting string is YYYY-MM-DD:HH where YYYY represents the year, MM represents the month, DD represents the day, and HH represents the hour in a 24-hour format.
Generate Python Function to Convert List to CSV
Prompt: Write a function to convert a list of lists into a CSV file, assume the first list to be headers
Response:
import csv def convert_to_csv(data): csv_file = 'output.csv' with open(csv_file, 'w', newline='') as file: writer = csv.writer(file) writer.writerows(data) return csv_file def script_function(data): return convert_to_csv(data)
Description:
This code provides a way to convert a list of data into a CSV file. The convert_to_csv function handles the actual conversion and file creation, and the script_function function acts as a wrapper that calls the conversion function and returns the name of the resulting CSV file.