Skip to main content

Cyware Orchestrate

Example Prompts for AI Assist

This section provides example prompts to help you create custom code using the AI Assist feature. You can create and insert custom code on Action Nodes and Condition Node.

Note

The following example responses are for representation purposes only.

Generate Python Code to Parse JSON Alert

Prompt: Write a Python function to parse important details from an SIEM JSON alert.

Response:

import json
def script_function(json_alert):
    # Parse important details from the SIEM JSON alert
    alert_id = json_alert.get('id')
    alert_type = json_alert.get('type')
    alert_timestamp = json_alert.get('timestamp')
    alert_source = json_alert.get('source')
    alert_destination = json_alert.get('destination')
    alert_description = json_alert.get('description')
    
    # Return the parsed details
    return alert_id, alert_type, alert_timestamp, alert_source, alert_destination, alert_description

Description:

This function can be used to simplify the process of extracting specific pieces of alert information received from SIEM tools in JSON format by encapsulating the extraction process into a single function call. For example, you can call this function when you receive an alert in JSON format in the playbook node output, and it will return the relevant details, making it easier to work with the data with the rest of the playbook workflow.

  • alert_id: Extracts the value associated with the key id from the json_alert object.

  • alert_type: Extracts the value associated with the key type from the json_alert object.

  • alert_timestamp: Extracts the value associated with the key timestamp from the json_alert object.

  • alert_source: Extracts the value associated with the key source from the json_alert object.

  • alert_destination: Extracts the value associated with the key destination from the json_alert object.

  • alert_description: Extracts the value associated with the key description from the json_alert object.

Generate Python Code to Convert Data Formats

Prompt: Write a function to extract and convert data formats (JSON) from structure A to structure B. Make the extraction function generic, and do not hardcode any values. Add all imports needed.

structure a {
    "entities": "{\"Ryuk\": \"malware\"}",
    "code": 1200,
    "status": "ok",
    "reason": "Success"
}
structure b
{
    "malware": "Zeus"
}

Response:

import json

def extract_data(structure):
    entities = json.loads(structure["entities"])
    malware = entities["Zeus"]
    return {"malware": malware}

def script_function():
    structure_a = {
        "entities": "{\"Zeus\": \"malware\"}",
        "code": 1200,
        "status": "ok",
        "reason": "Success"
    }
    structure_b = extract_data(structure_a)
    return structure_b

Description:

The script_function extracts specific data related to the Zeus malware entity from a dictionary structure_a and returns it in a new dictionary with the key malware. The code uses the json module to work with the entities key, which is expected to contain a JSON string representing a dictionary. This is a simple example of data extraction from a structured dictionary.

Generate Python Function to Chunk List Items

Prompt: Write a function to chunk a list of items based on a max chunk size. Return a list of lists.

Response:

def script_function(items, max_chunk_size):
    chunked_list = []
    for i in range(0, len(items), max_chunk_size):
        chunked_list.append(items[i:i+max_chunk_size])
    return chunked_list

Description:

This function is useful when you need to process a large list in smaller, manageable portions, especially when dealing with data that can be too large to handle all at once. By using this function, you can break down the data into chunks and process each chunk separately.

Generate Python Function to Verify Timestamps

Prompt: Write a condition function to check if a given timestamp is older than 24 hours, if it is return true, else return false

Response:

def script_function(timestamp):
    import datetime
    def is_older_than_24_hours(timestamp):
        current_time = datetime.datetime.now()
        time_difference = current_time - timestamp
        if time_difference.total_seconds() > 24 * 60 * 60:
            return True
        else:
            return False

    return is_older_than_24_hours(timestamp)

Description:

This code defines a function that checks whether a given timestamp is older than 24 hours by comparing it to the current time. It encapsulates this logic within the nested function is_older_than_24_hours, making it reusable and easy to understand.

Generate Python Function to Convert Timestamps

Prompt: Write a function to convert timestamps to YYYY-MM-DD:HH

Response:

def script_function(timestamp):
    import datetime
    datetime_obj = datetime.datetime.fromtimestamp(timestamp)
    formatted_datetime = datetime_obj.strftime("%Y-%m-%d:%H")
    return formatted_datetime

Description:

This code converts a Unix timestamp into a human-readable date and time string and returns it. The format of the resulting string is YYYY-MM-DD:HH where YYYY represents the year, MM represents the month, DD represents the day, and HH represents the hour in a 24-hour format.

Generate Python Function to Convert List to CSV

Prompt: Write a function to convert a list of lists into a CSV file, assume the first list to be headers

Response:

import csv

def convert_to_csv(data):
    csv_file = 'output.csv'
    with open(csv_file, 'w', newline='') as file:
        writer = csv.writer(file)
        writer.writerows(data)
    return csv_file

def script_function(data):
    return convert_to_csv(data)

Description:

This code provides a way to convert a list of data into a CSV file. The convert_to_csv function handles the actual conversion and file creation, and the script_function function acts as a wrapper that calls the conversion function and returns the name of the resulting CSV file.