“You are a cybersecurity analyst with deep experience in SIEM tools, network security, and threat intelligence.
Given the following:
- Security event logs covering the last 48 hours
- List of known malicious IP addresses and domains
- Authentication logs across critical systems
- A summary of user-reported suspicious activities
Perform the following analysis:
Identify any IP addresses or domains:
- Attempting multiple failed logins across different accounts
- Accessing unusual resources or systems
Correlate logs to determine:
- Whether any detected activity matches known attack patterns (e.g. brute force, lateral movement, data exfiltration)
- Which user accounts may be compromised
Highlight any high-severity findings:
- Prioritize by criticality of affected systems
- Estimate potential business impact if left unresolved
Cross-reference suspicious indicators against:
- Public threat intelligence feeds
- Known vulnerabilities in current software versions
Recommend immediate containment steps:
- For high-priority threats
- With technical commands where possible (e.g. firewall block rules)
Draft a short incident report for management:
- Summarize key findings in non-technical language
- Recommend next steps
- Keep summary under 300 words
Return your analysis in sections labeled:
- Findings
- Recommended Actions
- Executive Summary.”
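As an added illustration that is not part of the quoted prompt, the following Python sketch performs the first two analysis steps the prompt asks for (sources failing logins across several accounts, correlation against a known-bad IP list, accounts that later succeeded from those sources) and returns the three labelled sections. The log format, host names, RFC 5737 addresses and the KNOWN_BAD_IPS list are all constructed placeholders, not data from the page.

```python
import re
from collections import defaultdict

# Constructed sample authentication log lines (placeholder hosts, users, RFC 5737 IPs).
AUTH_LOGS = """\
2024-05-01T10:00:01Z host=vpn-gw user=alice src=203.0.113.7 result=FAIL
2024-05-01T10:00:03Z host=vpn-gw user=bob src=203.0.113.7 result=FAIL
2024-05-01T10:00:05Z host=vpn-gw user=carol src=203.0.113.7 result=FAIL
2024-05-01T10:00:09Z host=vpn-gw user=dave src=203.0.113.7 result=SUCCESS
2024-05-01T10:02:00Z host=fileserver user=alice src=198.51.100.4 result=FAIL
2024-05-01T10:02:30Z host=fileserver user=alice src=198.51.100.4 result=SUCCESS
2024-05-01T10:05:00Z host=db01 user=eve src=192.0.2.9 result=SUCCESS
"""
# Constructed threat-intel list standing in for a public feed (placeholder value).
KNOWN_BAD_IPS = {"192.0.2.9"}
LINE_RE = re.compile(r"host=(\S+) user=(\S+) src=(\S+) result=(\S+)")

def parse(logs):
    """Turn each log line into a dict; lines that do not match the format are skipped."""
    events = []
    for line in logs.splitlines():
        m = LINE_RE.search(line)
        if m:
            host, user, src, result = m.groups()
            events.append({"host": host, "user": user, "src": src, "ok": result == "SUCCESS"})
    return events

def analyze(events, bad_ips, min_accounts=3):
    """Return the three sections the prompt asks for, built from the correlated events."""
    failed_users = defaultdict(set)   # src IP -> distinct accounts it failed against
    for e in events:
        if not e["ok"]:
            failed_users[e["src"]].add(e["user"])
    # Brute-force / password-spray pattern: one source, failures across many accounts.
    spray_sources = {ip for ip, users in failed_users.items() if len(users) >= min_accounts}
    seen_bad = {e["src"] for e in events if e["src"] in bad_ips}
    flagged = spray_sources | seen_bad
    # Any successful login from a flagged source marks that account as possibly compromised.
    compromised = {e["user"] for e in events if e["ok"] and e["src"] in flagged}
    findings = {"spray_sources": spray_sources, "threat_intel_hits": seen_bad,
                "possibly_compromised": compromised}
    actions = [f"iptables -I INPUT -s {ip} -j DROP" for ip in sorted(flagged)]
    actions += [f"Disable account {u} and force credential reset" for u in sorted(compromised)]
    summary = (f"{len(flagged)} suspicious source(s) and {len(compromised)} account(s) need "
               f"immediate attention; containment steps are listed under Recommended Actions.")
    return {"Findings": findings, "Recommended Actions": actions, "Executive Summary": summary}

if __name__ == "__main__":
    for section, body in analyze(parse(AUTH_LOGS), KNOWN_BAD_IPS).items():
        print(f"== {section} ==\n{body}")
```

The min_accounts threshold is the tuning knob: a single source failing against one account repeatedly (198.51.100.4 above) is a different pattern from one source spraying many accounts, and the sample deliberately contains both.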