Skip to content

Instantly share code, notes, and snippets.

@reski-rukmantiyo

reski-rukmantiyo/security.log

Last active November 17, 2024 09:47
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save reski-rukmantiyo/29a40ea063817ca1a5575975d4293741 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save reski-rukmantiyo/29a40ea063817ca1a5575975d4293741 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
security.log
{"@timestamp":"2023-03-08T14:30:00.000Z","log_level":"INFO","host":{"name":"server1","ip":"10.100.10.100"},"actions":"user login","user":{"id":123,"name":"johnDoe"}}
{"@timestamp":"2023-03-08T14:30:01.000Z","log_level":"DEBUG","host":{"name":"server1","ip":"10.100.10.100"},"actions":"loading data","user":{"id":123,"name":"johnDoe"}}
{"@timestamp":"2023-03-08T14:30:02.000Z","log_level":"INFO","host":{"name":"server1","ip":"10.100.10.100"},"actions":"data loaded","user":{"id":123,"name":"johnDoe"}}
{"@timestamp":"2023-03-08T14:30:03.000Z","log_level":"INFO","host":{"name":"server1","ip":"10.100.10.100"},"actions":"system check","user":{"id":123,"name":"johnDoe"}}
{"@timestamp":"2023-03-08T14:30:04.000Z","log_level":"DEBUG","host":{"name":"server1","ip":"10.100.10.100"},"actions":"checking permissions","user":{"id":123,"name":"johnDoe"}}
{"@timestamp":"2023-03-08T14:30:05.000Z","log_level":"INFO","host":{"name":"server1","ip":"10.100.10.100"},"actions":"permissions granted","user":{"id":123,"name":"johnDoe"}}
{"@timestamp":"2023-03-08T14:30:06.000Z","log_level":"INFO","host":{"name":"server1","ip":"10.100.10.100"},"actions":"accessing resource","user":{"id":123,"name":"johnDoe"}}
{"@timestamp":"2023-03-08T14:30:07.000Z","log_level":"DEBUG","host":{"name":"server1","ip":"10.100.10.100"},"actions":"reading data","user":{"id":123,"name":"johnDoe"}}
{"@timestamp":"2023-03-08T14:30:08.000Z","log_level":"INFO","host":{"name":"server1","ip":"10.100.10.100"},"actions":"data read","user":{"id":123,"name":"johnDoe"}}
{"@timestamp":"2023-03-08T14:30:09.000Z","log_level":"INFO","host":{"name":"server1","ip":"10.100.10.100"},"actions":"system update","user":{"id":123,"name":"johnDoe"}}
{"@timestamp":"2023-03-08T14:30:10.000Z","log_level":"DEBUG","host":{"name":"server1","ip":"10.100.10.100"},"actions":"updating system","user":{"id":123,"name":"johnDoe"}}
{"@timestamp":"2023-03-08T14:30:11.000Z","log_level":"INFO","host":{"name":"server1","ip":"10.100.10.100"},"actions":"system updated","user":{"id":123,"name":"johnDoe"}}
{"@timestamp":"2023-03-08T14:30:12.000Z","log_level":"INFO","host":{"name":"server1","ip":"10.100.10.100"},"actions":"connection attempt","user":{"id":124,"name":"admin"}}
{"@timestamp":"2023-03-08T14:30:13.000Z","log_level":"DEBUG","host":{"name":"server1","ip":"10.100.10.100"},"actions":"authenticating user","user":{"id":124,"name":"admin"}}
{"@timestamp":"2023-03-08T14:30:14.000Z","log_level":"ERROR","host":{"name":"server1","ip":"10.100.10.100"},"actions":" connection timeout","user":{"id":123,"name":"johnDoe"}}
{"@timestamp":"2023-03-08T14:30:15.000Z","log_level":"INFO","host":{"name":"server1","ip":"10.100.10.100"},"actions":" retrying connection","user":{"id":123,"name":"johnDoe"}}
{"@timestamp":"2023-03-08T14:30:16.000Z","log_level":"INFO","host":{"name":"server1","ip":"10.100.10.100"},"actions":"connection established","user":{"id":123,"name":"johnDoe"}}
{"@timestamp":"2023-03-08T14:30:17.000Z","log_level":"DEBUG","host":{"name":"server1","ip":"10.100.10.100"},"actions":"sending data","user":{"id":123,"name":"johnDoe"}}
{"@timestamp":"2023-03-08T14:30:18.000Z","log_level":"INFO","host":{"name":"server1","ip":"10.100.10.100"},"actions":"data sent","user":{"id":123,"name":"johnDoe"}}
{"@timestamp":"2023-03-08T14:30:19.000Z","log_level":"INFO","host":{"name":"server1","ip":"10.100.10.100"},"actions":"system check","user":{"id":123,"name":"johnDoe"}}
{"@timestamp":"2023-03-08T14:30:20.000Z","log_level":"DEBUG","host":{"name":"server1","ip":"10.100.10.100"},"actions":"checking permissions","user":{"id":123,"name":"johnDoe"}}
{"@timestamp":"2023-03-08T14:30:21.000Z","log_level":"INFO","host":{"name":"server1","ip":"10.100.10.100"},"actions":"permissions granted","user":{"id":123,"name":"johnDoe"}}
{"@timestamp":"2023-03-08T14:30:22.000Z","log_level":"INFO","host":{"name":"server1","ip":"10.100.10.100"},"actions":"accessing resource","user":{"id":123,"name":"johnDoe"}}
{"@timestamp":"2023-03-08T14:30:23.000Z","log_level":"DEBUG","host":{"name":"server1","ip":"10.100.10.100"},"actions":"reading data","user":{"id":123,"name":"johnDoe"}}
{"@timestamp":"2023-03-08T14:30:24.000Z","log_level":"INFO","host":{"name":"server1","ip":"10.100.10.100"},"actions":"data read","user":{"id":123,"name":"johnDoe"}}
{"@timestamp":"2023-03-08T14:30:25.000Z","log_level":"INFO","host":{"name":"server1","ip":"10.100.10.100"},"actions":"system update","user":{"id":123,"name":"johnDoe"}}
{"@timestamp":"2023-03-08T14:30:26.000Z","log_level":"DEBUG","host":{"name":"server1","ip":"10.100.10.100"},"actions":"updating system","user":{"id":123,"name":"johnDoe"}}
{"@timestamp":"2023-03-08T14:30:27.000Z","log_level":"INFO","host":{"name":"server1","ip":"10.100.10.100"},"actions":"system updated","user":{"id":123,"name":"johnDoe"}}
{"@timestamp":"2023-03-08T14:30:28.000Z","log_level":"INFO","host":{"name":"server1","ip":"10.100.10.100"},"actions":"connection attempt","user":{"id":124,"name":"admin"}}
{"@timestamp":"2023-03-08T14:30:29.000Z","log_level":"DEBUG","host":{"name":"server1","ip":"10.100.10.100"},"actions":"authenticating user","user":{"id":124,"name":"admin"}}
{"@timestamp":"2023-03-08T14:30:30.000Z","log_level":"INFO","host":{"name":"server1","ip":"10.100.10.100"},"actions":"user authenticated","user":{"id":124,"name":"admin"}}
{"@timestamp":"2023-03-08T14:30:31.000Z","log_level":"INFO","host":{"name":"server1","ip":"10.100.10.100"},"actions":"accessing resource","user":{"id":124,"name":"admin"}}
{"@timestamp":"2023-03-08T14:30:32.000Z","log_level":"DEBUG","host":{"name":"server1","ip":"10.100.10.100"},"actions":"reading data","user":{"id":124,"name":"admin"}}
{"@timestamp":"2023-03-08T14:30:33.000Z","log_level":"INFO","host":{"name":"server1","ip":"10.100.10.100"},"actions":"data read","user":{"id":124,"name":"admin"}}
{"@timestamp":"2023-03-08T14:30:34.000Z","log_level":"INFO","host":{"name":"server1","ip":"10.100.10.100"},"actions":"system update","user":{"id":124,"name":"admin"}}
{"@timestamp":"2023-03-08T14:30:35.000Z","log_level":"DEBUG","host":{"name":"server1","ip":"10.100.10.100"},"actions":"updating system","user":{"id":124,"name":"admin"}}
{"@timestamp":"2023-03-08T14:30:36.000Z","log_level":"INFO","host":{"name":"server1","ip":"10.100.10.100"},"actions":"system updated","user":{"id":124,"name":"admin"}}
{"@timestamp":"2023-03-08T14:30:37.000Z","log_level":"INFO","host":{"name":"server1","ip":"10.100.10.100"},"actions":"connection attempt","user":{"id":125,"name":"unknown"}}
{"@timestamp":"2023-03-08T14:30:38.000Z","log_level":"DEBUG","host":{"name":"server1","ip":"10.100.10.100"},"actions":"authenticating user","user":{"id":125,"name":"unknown"}}
{"@timestamp":"2023-03-08T14:30:39.000Z","log_level":"INFO","host":{"name":"server1","ip":"10.100.10.100"},"actions":"user authenticated","user":{"id":125,"name":"unknown"}}
{"@timestamp":"2023-03-08T14:30:40.000Z","log_level":"INFO","host":{"name":"server1","ip":"10.100.10.100"},"actions":"accessing resource","user":{"id":125,"name":"unknown"}}
{"@timestamp":"2023-03-08T14:30:41.000Z","log_level":"DEBUG","host":{"name":"server1","ip":"10.100.10.100"},"actions":"reading data","user":{"id":125,"name":"unknown"}}
{"@timestamp":"2023-03-08T14:30:42.000Z","log_level":"INFO","host":{"name":"server1","ip":"10.100.10.100"},"actions":"data read","user":{"id":125,"name":"unknown"}}
{"@timestamp":"2023-03-08T14:30:43.000Z","log_level":"INFO","host":{"name":"server1","ip":"10.100.10.100"},"actions":"system update","user":{"id":125,"name":"unknown"}}
{"@timestamp":"2023-03-08T14:30:44.000Z","log_level":"DEBUG","host":{"name":"server1","ip":"10.100.10.100"},"actions":"updating system","user":{"id":125,"name":"unknown"}}
{"@timestamp":"2023-03-08T14:30:45.000Z","log_level":"INFO","host":{"name":"server1","ip":"10.100.10.100"},"actions":"system updated","user":{"id":125,"name":"unknown"}}
Raw
system_prompt.txt
You are security log analyzer that can understand log data
Raw
user_prompt.txt
Read the following instructions:
1. Read following logs server.
2. Response on JSON format
3. Dont explain
4. Summary only say Yes - there is security breach, No - there is no security breach. If you are uncertain, say Possible - there's may security breach
5. Keypoints and alerts can be more than 1 data
Following are the JSON format
{
"SecurityLogAnalysis": {
"Summary": "[summary]",
"Keypoints": [
]
"Alerts": [{
"type": "[type]",
"timestamp": "[timestamp]",
"action": "[action]",
}]
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment