If you're unsure how Protos AI can support your work as a Threat Intelligence Analyst, you can start with these example prompts based on common scenarios in threat intelligence. They'll help you explore the types of insights and outcomes Protos AI can deliver.
Pre-Incident Threat Landscape Scanning
Scenario:
You need to proactively understand the cybersecurity threats relevant to a specific industry, geographical region, or peer group, without being triggered by a particular incident.
Prompt (Copy-Paste):
"Provide a current snapshot of threat activity targeting [specific industry, e.g., 'financial services firms'] in [specific region, e.g., 'Southeast Asia']. Highlight notable actors, common techniques, and observed infrastructure."
What Protos AI will do:
Search open-source and commercial threat intelligence sources.
Summarize recent activity clusters and emerging trends.
Extract active indicators and associated infrastructure.
Visualize threats by geography, actor, or technique.
Outcome: Proactive awareness to support strategic threat hunting and enhance security readiness.
Technical Threat Brief Creation
Scenario:
You need to rapidly create a comprehensive technical brief about a newly identified cybersecurity threat, and need help distilling the key facts and formatting them for different stakeholders.
Prompt (Copy-Paste):
"Create a technical threat brief about [specific threat, e.g., 'a recent ransomware variant utilizing supply chain compromise']. Include technical details, Indicators of Compromise (IOCs), typical attack flow, and recommended mitigation strategies."
What Protos AI will do:
Search intelligence sources for incident details and associated research.
Extract Tactics, Techniques, and Procedures (TTPs), IOCs, and impacted systems.
Generate a structured brief, often in a clear markdown format, with relevant visuals.
Suggest effective mitigations and monitoring guidance.
Outcome: A polished, shareable brief for internal teams or external clients, enabling rapid dissemination of critical threat intelligence.
Threat Infrastructure Attribution
Scenario:
In the course of incident response or security monitoring, you've identified a suspicious network indicator (like a domain or IP address). You need to determine if it's connected to any known threat actor infrastructure or malicious campaigns.
Prompt (Copy-Paste):
"Investigate the network indicator [specific domain or IP address, e.g., 'malicious-domain[.]xyz']. Determine if it's linked to any known threat actors or malicious infrastructure. Enrich findings with historical data, relevant threat reports, and associated indicators."
What Protos AI will do:
Perform WHOIS, passive DNS, and SSL/TLS certificate analysis.
Query threat intelligence sources for attribution links or prior abuse.
Look for overlaps in TTPs, campaign characteristics, and actor profiles.
Map related infrastructure to visualize connections.
Outcome: Analyst-grade attribution support to connect suspicious infrastructure to known actors, campaigns, or malware families, aiding in deeper investigations.
Malicious Campaign Mapping
Scenario:
Multiple clients or internal systems are reporting similar signs of compromise, such as phishing emails or malware infections, with shared Indicators of Compromise (IOCs). You need to ascertain if these seemingly disparate events are actually part of a larger, coordinated malicious campaign.
Prompt (Copy-Paste):
"Investigate the following Indicators of Compromise (IOCs) to determine if they are part of a coordinated campaign. Identify any shared infrastructure, tactics, or operational links: [List of IOCs, e.g., 'phishing-url[.]com', 'malware-hash: abc123def456', 'command-and-control-ip: 192.168.1.100']"
What Protos AI will do:
Correlate provided IOCs using advanced graph analysis.
Identify shared infrastructure, registrant patterns, command-and-control communication, or behavioral commonalities.
Cluster indicators into potential campaigns, identifying distinct attack patterns.
Summarize the observed TTPs and potential actors involved.
Outcome: A visualized campaign map detailing indicators, shared infrastructure, and behavioral links, providing a clearer understanding of coordinated attacks.
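The two investigation scenarios above (infrastructure attribution and campaign mapping) both rest on the same mechanic: pivoting from an indicator through enrichment values it shares with other indicators, then treating the connected groups as candidate campaigns. The following is an added illustration of that mechanic, not Protos AI's own code or a description of how it works internally. It takes the defanged, labelled IOC list from the prompt above, adds two constructed indicators, and uses a hypothetical enrichment table (invented passive DNS, WHOIS registrant and sandbox C2 values) in place of live lookups; the helper names are likewise assumptions.

```python
"""Added example (not Protos AI code): pivot on a single indicator and cluster
a set of IOCs into candidate campaigns by shared infrastructure.

The enrichment table is constructed for illustration; in a real workflow it
would be filled from passive DNS, WHOIS and certificate-transparency lookups.
"""
import re
from collections import defaultdict

# Constructed enrichment (hypothetical values): indicator -> attribute -> observed values.
ENRICHMENT = {
    "phishing-url.com": {
        "resolved_ip": {"192.168.1.100"},
        "registrant": {"actor-reg@example.invalid"},
    },
    "login-portal-verify.com": {
        "resolved_ip": {"198.51.100.7"},
        "registrant": {"actor-reg@example.invalid"},  # same registrant as phishing-url.com
    },
    "abc123def456": {                                 # sample hash from the prompt above
        "c2_ip": {"192.168.1.100"},                   # beacons to the host phishing-url.com resolved to
    },
    "unrelated-cdn.example": {
        "resolved_ip": {"203.0.113.50"},
        "registrant": {"other@example.invalid"},
    },
}

LABEL = re.compile(r"^[A-Za-z][\w-]*:\s+")  # strips 'malware-hash: ' style labels


def normalize(ioc: str) -> str:
    """Strip a leading label and refang '[.]' so the value can be looked up."""
    return LABEL.sub("", ioc.strip()).replace("[.]", ".")


def build_graph(iocs):
    """Return (values, edges). Two indicators are linked when they share an
    enrichment value, or when one indicator *is* an enrichment value of the
    other (an IP IOC equal to a domain's resolved IP)."""
    values = {normalize(i) for i in iocs}
    owners = defaultdict(set)          # enrichment value -> indicators that exhibit it
    for v in values:
        for vals in ENRICHMENT.get(v, {}).values():
            for a in vals:
                owners[a].add(v)
                if a in values:        # the pivot value is itself one of the submitted IOCs
                    owners[a].add(a)
    edges = defaultdict(dict)          # indicator -> {neighbour: shared value}
    for pivot, group in owners.items():
        if len(group) < 2:
            continue
        for x in group:
            for y in group:
                if x != y:
                    edges[x][y] = pivot
    return values, edges


def pivots_for(ioc, iocs):
    """Attribution-style pivot: which other submitted indicators does this one
    connect to, and through which shared value?"""
    _, edges = build_graph(iocs)
    return dict(edges.get(normalize(ioc), {}))


def cluster(iocs):
    """Campaign mapping: connected components of the pivot graph, sorted for stable output."""
    values, edges = build_graph(iocs)
    seen, clusters = set(), []
    for start in sorted(values):
        if start in seen:
            continue
        comp, stack = [], [start]
        seen.add(start)
        while stack:
            cur = stack.pop()
            comp.append(cur)
            for nxt in edges.get(cur, {}):
                if nxt not in seen:
                    seen.add(nxt)
                    stack.append(nxt)
        clusters.append(sorted(comp))
    return clusters


# The IOC list from the prompt above plus two constructed extras.
SAMPLE_IOCS = [
    "phishing-url[.]com",
    "malware-hash: abc123def456",
    "command-and-control-ip: 192.168.1.100",
    "login-portal-verify[.]com",
    "unrelated-cdn[.]example",
]

if __name__ == "__main__":
    for n, members in enumerate(cluster(SAMPLE_IOCS), 1):
        print(f"cluster {n}: {', '.join(members)}")
    print(pivots_for("phishing-url[.]com", SAMPLE_IOCS))
```

With the constructed data, the first four indicators fall into one cluster (the hash's C2 address equals the phishing domain's resolved IP, and the second domain shares its registrant) while the CDN domain stays on its own. In practice the weak link in this approach is shared hosting: a resolved IP on a large shared host or CDN will join unrelated indicators, so a production pivot should weight or suppress high-fan-out values before treating a component as a campaign.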
