Use ChatGPT to Boost Security Operations Center Productivity
Managing the security operations center (SOC) is a constant pain for CISOs and security analysts. Finding experienced cybersecurity professionals who can use and manage monitoring tools skillfully is a longstanding challenge in security. Moreover, SOC processes don’t evolve fast enough to deal with the rapid shift to cloud infrastructures and cloud native application architectures. Consequently, SOC staff don’t have all the skills, processes and tools to identify and respond to cybersecurity incidents quickly.
We believe that using advanced machine learning and large language models (LLMs) can help optimize security processes and scale incident resolution (IR). Just consider the benefit of autogenerated postmortem incident reports and automated continuous feedback loops.
Role of AI in Incident Resolution
A tool like ChatGPT can automatically generate comprehensive postmortem reports. Following an incident, it can look at what happened, what was discussed and how the incident was resolved. It can also retrieve metrics, logs and other metadata around your system topology to add context to incident details. We can take these reports and decide what action to take and shift teams to be more resilient and proactive.
Like any new tool, ChatGPT requires the right oversight and comes with its own learning curve. Teams need to stay on top of generative AI tools to ensure the accuracy and reliability of their actions. This will require rigorous testing and validation. And it has to be trained and tailored to your specific environment. It needs to learn from a rich data set that includes lots of context so it doesn’t get stuck when prompted with domain-specific terminology it doesn’t know.
With clear guidelines, regular reviews, access to a rich context-driven data set and a continuous feedback loop, we can make it happen. The application of LLMs can truly transform the SOC, reducing operational toil and increasing productivity.
Using PromptOps Slackbot
So how do you use technology like ChatGPT to capture conversations and data around each incident and implement changes efficiently? Whether you’re looking into incident evidence collection or end-to-end IR process creation, the PromptOps Slackbot has you covered. PromptOps lets you store what was discussed around each incident in Slack and how it was resolved without having to move between platforms. And it identifies changes to be implemented and automatically generates tickets on the user’s behalf.
Let’s walk through creating a postmortem investigation and generating JIRA tickets to apply changes using PromptOps.
1. Listening to the discussion in the incident channel
Think of PromptOps as the notetaker in the incident channel, actively listening in order to respond to your questions and requests.
2. Capturing and storing the entire conversation in Confluence
Use PromptOps to systematically capture, store and share the root-cause analysis and postmortems for the necessary context.
PromptOps can generate documentation around each incident — a summary of the incident, a timeline of failures, the people involved, the resolution and corrective actions — based on your Slack conversations. With this workflow, teams can foster speed and trust in incident resolution.
3. Creating a Jira ticket
Last, PromptOps can automatically create a Jira ticket based on the changes that need to be implemented.
Our solution to collecting incident evidence and creating an end-to-end IR process is powered by the /store command. With Slack’s slash command integrations, we made the /store command to create clear documentation and store it in your document store of choice, such as Confluence or Notion. The document can be stored in the format of existing templates.
More importantly, it creates a continuous feedback loop for better incident resolution. For example, you used the /store command to summarize an incident in a retrospective template in Confluence. On another day, the team runs into the same issue. But instead of searching through Slack conversations and knowledge bases again, simply ask PromptOps. It’ll provide the exact answer needed from the doc you created and stored.
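The three-step /store workflow above (listen in the channel, render a retrospective, raise tickets for corrective actions), as an added illustration that is not PromptOps’ own code. It assumes Slack-API-shaped message dicts (`ts`, `user`, `text`), an `ACTION:` marker convention for corrective actions, and an injected `summarise` callable standing in for the LLM so the example runs offline.

```python
"""Added example, not PromptOps' code: a minimal /store-style handler that turns
an incident channel's messages into a retrospective document plus ticket payloads.
Assumptions: messages are Slack-shaped dicts (ts, user, text); corrective actions
are marked with 'ACTION:'; the LLM summariser is injected as a callable."""
from datetime import datetime, timezone
from typing import Callable

# Constructed sample of an incident channel, shaped like conversations.history items.
SAMPLE_MESSAGES = [
    {"ts": "1700000000.000100", "user": "U01ALICE", "text": "Alert: 5xx rate on api-gateway above 20%"},
    {"ts": "1700000120.000200", "user": "U02BOB", "text": "Rollout of api-gateway v2.3.1 started at 09:58"},
    {"ts": "1700000900.000300", "user": "U02BOB", "text": "Rolled back to v2.3.0, error rate recovering"},
    {"ts": "1700001200.000400", "user": "U01ALICE", "text": "Resolved. ACTION: add canary stage to api-gateway rollout"},
]

# Retrospective template (assumed layout; a Confluence/Notion template would be swapped in here).
TEMPLATE = "# Incident retrospective\n## Summary\n{summary}\n## Timeline\n{timeline}\n## People involved\n{people}\n## Corrective actions\n{actions}\n"

def ts_to_iso(ts: str) -> str:
    """Slack 'ts' is epoch seconds with a sequence suffix; render it as UTC ISO-8601."""
    return datetime.fromtimestamp(float(ts), tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")

def build_timeline(messages):
    """Chronological timeline of failures and responses, straight from the channel."""
    ordered = sorted(messages, key=lambda m: float(m["ts"]))
    return [f"{ts_to_iso(m['ts'])} <@{m['user']}> {m['text']}" for m in ordered]

def participants(messages):
    return sorted({m["user"] for m in messages})

def action_items(messages):
    """Corrective actions flagged in-channel with the assumed 'ACTION:' marker."""
    return [m["text"].split("ACTION:", 1)[1].strip() for m in messages if "ACTION:" in m["text"]]

def render_retrospective(messages, summarise: Callable[[str], str]) -> str:
    timeline = build_timeline(messages)
    # Only the deterministic timeline goes to the model; the summary it returns still
    # needs human review before it is stored, per the oversight point above.
    summary = summarise("Summarise this incident in two sentences:\n" + "\n".join(timeline))
    return TEMPLATE.format(
        summary=summary,
        timeline="\n".join(f"- {t}" for t in timeline),
        people=", ".join(f"<@{u}>" for u in participants(messages)),
        actions="\n".join(f"- [ ] {a}" for a in action_items(messages)) or "- none",
    )

def handle_store_command(messages, summarise):
    """/store handler: returns (retrospective document, Jira-style issue payloads)."""
    doc = render_retrospective(messages, summarise)
    issues = [{"summary": a, "issuetype": "Task"} for a in action_items(messages)]  # assumed field names
    return doc, issues
```

Keep the raw channel export alongside the rendered document: the timeline is the evidence, while the model-written summary is the part that must be reviewed.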
Consider the time saved using AI for root-cause investigations and the speed of evidence collection using AI tools like PromptOps. If the root-cause investigation is later found to be incorrect, having saved a time window of the metrics considered relevant to the problem would be useful for future analysis.
Continuous Improvement with Data
A generative AI-powered knowledge base allows us to have a centralized repository of best practices to empower even the greenest team members to contribute like veterans. Through the AI assistant, we aim to democratize an organization’s access to valuable information and drive faster problem-solving. AI will empower SecOps and DevOps teams to communicate and collaborate asynchronously, working from the same context.
The best thing about smart tools like ChatGPT is that they get smarter. Data fuels them. And by capturing conversations and fetching relevant data within our infrastructure, feeding it and observing its activity, we can glean more insight than ever before. We can fine-tune workflows, automate more processes and drive efficiency to new heights while reducing errors.
Why toil when you can connect something like PromptOps to your SOC solutions and start working smarter?