What is it?
For a security engineer, it is hard to learn and keep track of multiple SIEM and firewall DSLs for writing detection rules. In your workflow, you just want to 'ask' about specific threats and advisories and let someone write the detection rules for that threat.
The Threat Detection Rule Expert does exactly that. We maintain knowledge of vendor DSLs and best-practice rule-writing guides from multiple SIEM and firewall vendors, and make it available to you at your fingertips.
Where to Access?
Here is the link to the Transilience Threat Intelligence Expert, a Custom GPT
If you have any questions about the GPT, feel free to join our community and ask.
Features
The following vendors are supported:
- SIEMs
  - Splunk SPL detection rules
  - IBM QRadar and AQL rules
- Firewalls
  - Palo Alto Networks Firewall
  - Cisco ASA
  - Fortinet FortiOS
- Cloud
  - AWS
Use Cases
| Use Case | Prompt Example | Screenshot | Demo |
| --- | --- | --- | --- |
| Splunk: Write a detection rule in Splunk SPL | write a detection rule to detect inbound traffic from 34.4.22.456 in SPL detection language | | Demo |
| QRadar: Detection rules in QRadar AQL | write a detection rule to detect inbound traffic from 34.4.22.456 in qradar detection language | | Demo |
| Palo Alto: Blocking rules in Palo Alto Networks Firewall | write a detection rule to detect inbound traffic from 34.4.22.456 in Palo Alto Networks Firewall | | Demo |
| Cisco ASA: Blocking rules in Cisco ASA Firewall | | | Demo |
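To show what the "inbound traffic from one IP" use case looks like once it is rendered into the DSLs listed above, here is an added example (not the GPT's own output or code) that validates the indicator and emits the equivalent Splunk SPL, QRadar AQL, Cisco ASA and PAN-OS rules. Field names, ACL/zone/object names and the `index=firewall` source are assumptions; note that the prompt value in the table, 34.4.22.456, is not a valid IPv4 address (an octet above 255), so the validator rejects it rather than producing a rule that can never match.

```python
"""Render a 'traffic from indicator IP' rule for several vendor DSLs (added example)."""
import ipaddress

# Assumptions for this example: Splunk CIM-style field names (src_ip, dest_ip, dest_port),
# QRadar default event columns, and placeholder ACL, zone and object names for ASA/PAN-OS.


def validate_indicator(ip: str) -> str:
    """Return the normalized IPv4 address, or raise ValueError for a malformed one."""
    addr = ipaddress.ip_address(ip.strip())       # raises ValueError on e.g. 34.4.22.456
    if addr.version != 4:
        raise ValueError(f"expected an IPv4 indicator, got {ip!r}")
    return str(addr)


def splunk_spl(ip: str) -> str:
    ip = validate_indicator(ip)
    return (f'index=firewall src_ip="{ip}" '
            "| stats count min(_time) as first_seen max(_time) as last_seen "
            "by src_ip, dest_ip, dest_port")


def qradar_aql(ip: str) -> str:
    ip = validate_indicator(ip)
    return ("SELECT sourceip, destinationip, destinationport, starttime "
            f"FROM events WHERE sourceip = '{ip}' LAST 24 HOURS")


def cisco_asa(ip: str, acl: str = "OUTSIDE_IN", iface: str = "outside") -> str:
    # The deny entry is meant to be placed above existing permits in the interface ACL.
    ip = validate_indicator(ip)
    return (f"access-list {acl} extended deny ip host {ip} any\n"
            f"access-group {acl} in interface {iface}")


def palo_alto(ip: str, from_zone: str = "untrust", to_zone: str = "trust") -> str:
    # PAN-OS CLI 'set' commands: an address object plus a deny security rule (zones assumed).
    ip = validate_indicator(ip)
    tag = ip.replace(".", "-")
    return (f"set address BLOCK-{tag} ip-netmask {ip}/32\n"
            f"set rulebase security rules Block-Inbound-{tag} from {from_zone} to {to_zone} "
            f"source BLOCK-{tag} destination any application any service any action deny")


def render_all(ip: str) -> dict:
    """Render the rule for every supported vendor; fails fast on a bad indicator."""
    return {"splunk": splunk_spl(ip), "qradar": qradar_aql(ip),
            "cisco_asa": cisco_asa(ip), "palo_alto": palo_alto(ip)}


if __name__ == "__main__":
    for vendor, text in render_all("34.4.22.45").items():   # constructed valid sample IP
        print(f"--- {vendor} ---\n{text}\n")
    try:
        render_all("34.4.22.456")                            # the table's invalid value
    except ValueError as exc:
        print("rejected:", exc)
```

Generated rules are a starting point: review the field names against your own log schema and the zone/ACL names against your firewall configuration before deploying them.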
Release notes
Version 0.2