ChatGPT

Communication and Collaboration

ChatGPT - An AI language model that provides conversational support, content generation, and assistance in various tasks.

Provider: ChatGPT

Detection Rule MITRE Tactic MITRE Technique Criticality
Inappropriate Content Generation Defense Evasion T1070: Indicator Removal on Host High
Investigation Actions (APIs) Get flagged content logs
Get user prompt history
Incident Creation Criteria Detection of hate speech, violence, or illegal activity prompts.
Manipulative Query Patterns Reconnaissance T1598: Phishing Campaign High
Investigation Actions (APIs) Get user input patterns
Get frequency of specific keywords
Incident Creation Criteria Repeated use of manipulative prompts to generate harmful responses.
Anomalous Session Duration Persistence T1059: Command-Line Interface Medium
Investigation Actions (APIs) Get session duration logs
Get chat interaction metrics
Incident Creation Criteria Sessions longer than 2 hours without breaks from a single user.
Unusual User Behavior Behavioral Analysis T1071: Application Layer Protocol High
Investigation Actions (APIs) Get user activity metrics
Get API call frequency logs
Incident Creation Criteria Significant deviation from normal user interaction patterns.
Accessing Restricted Features Privilege Escalation T1068: Exploitation for Client Execution Critical
Investigation Actions (APIs) Get logs of feature usage
Get user role and access logs
Incident Creation Criteria Unauthorized access to admin or sensitive model features.
Automated Response Abuse Impact T1489: Service Stop Medium
Investigation Actions (APIs) Get logs of automated queries
Get user activity alerts
Incident Creation Criteria Detection of automated scripts attempting to exploit model outputs.
Excessive API Call Patterns Resource Development T1071.001: Application Layer Protocol: Web Protocols High
Investigation Actions (APIs) Get API rate limit logs
Get user session activity
Incident Creation Criteria More than 500 API calls in a 30-minute window from a single user.
Sensitive Data Extraction Attempts Exfiltration T1041: Exfiltration Over Command and Control Channel Critical
Investigation Actions (APIs) Get logs of exported conversations
Get user data access logs
Incident Creation Criteria Attempts to extract sensitive data flagged by predefined rules.
Model Exploitation via Fine-Tuning Impact T1203: Exploitation for Client Execution Critical
Investigation Actions (APIs) Get fine-tuning request logs
Get user role change notifications
Incident Creation Criteria Unauthorized fine-tuning requests from non-privileged users.
Unauthorized API Key Usage Initial Access T1078: Valid Accounts High
Investigation Actions (APIs) Get API key usage logs
Get user authentication logs
Incident Creation Criteria API key usage from IPs not associated with authorized users.

APIs and Their Scopes

Detections Name API Required Scope Required
Inappropriate Content Generation

GET /chat/logs/flagged

GET /chat/prompts

read:chat_logs

read:prompts

Manipulative Query Patterns

GET /chat/logs/user

GET /chat/stats

read:user_activity

read:stats

Anomalous Session Duration

GET /chat/sessions

GET /chat/metrics

read:sessions

read:metrics

Unusual User Behavior

GET /chat/user/activity

GET /chat/usage

read:user_activity

read:usage

Accessing Restricted Features

GET /features/access

GET /user/roles

read:features

read:roles

Automated Response Abuse

GET /chat/automated/queries

GET /chat/alerts

read:automated_queries

read:alerts

Excessive API Call Patterns

GET /api/usage

GET /api/rate_limits

read:api_usage

read:rate_limits

Sensitive Data Extraction Attempts

GET /data/export/logs

GET /data/access

read:data_exports

read:data_access

Model Exploitation via Fine-Tuning

GET /model/fine-tuning/requests

GET /user/roles

read:fine_tuning

read:roles

Unauthorized API Key Usage

GET /api/keys/logs

GET /user/authentication

read:api_keys

read:authentication

Reports and Widgets for CISO

Report Name Widgets Description
Unauthorized Access Report Graph:Failed Login Attempts Provides an overview of user login patterns, highlighting unusual or unauthorized access attempts.

Map: Unusual Login Locations
Content Violation Summary Counter:Total Flagged Content Summary of flagged inappropriate content generation.

Pie Chart: Types of Violations

API Usage Analytics Line Chart:API Call Volume Over Time Analysis of API usage patterns and potential abuse.

List: Excessive Usage Alerts
Sensitive Data Exposure Report Counter: Detected Data Extractions Incidents of sensitive data extraction attempts.

Bar Chart: Data Types Exposed

Automated Query Detection Counter: Automated Queries Detected Insights into potential abuse via automated scripts.

Graph: Frequency of Automated Activity

User Behavior Analytics List: Anomalous User Behavior Events Analysis of user interactions and anomalies.

Gauge:Average Session Duration

Fine-Tuning Activity Report Counter: Fine-Tuning Requests

Overview of model fine-tuning requests and access.
List: Unauthorized Access Attempts
Compliance Status Report Counter: Compliance Violations

Summary of adherence to regulatory requirements.
List: Audit Trail Summary
Incident Response Overview Bar Chart: Incidents Resolved vs. Outstanding

Summary of incident response actions taken.
Gauge: Average Response Time
Risk Assessment Dashboard Heat Map: Risk Levels

High-level overview of security posture and risks.
Progress Bar: Mitigation Progress