ChatGPT
Communication and Collaboration
ChatGPT - An AI language model that provides conversational support, content generation, and assistance in various tasks.
Provider: ChatGPT
Detection Rule | MITRE Tactic | MITRE Technique | Criticality | ||||||
---|---|---|---|---|---|---|---|---|---|
Inappropriate Content Generation | Defense Evasion | T1070: Indicator Removal on Host | High | ||||||
|
|||||||||
Manipulative Query Patterns | Reconnaissance | T1598: Phishing Campaign | High | ||||||
|
|||||||||
Anomalous Session Duration | Persistence | T1059: Command-Line Interface | Medium | ||||||
|
|||||||||
Unusual User Behavior | Behavioral Analysis | T1071: Application Layer Protocol | High | ||||||
|
|||||||||
Accessing Restricted Features | Privilege Escalation | T1068: Exploitation for Client Execution | Critical | ||||||
|
|||||||||
Automated Response Abuse | Impact | T1489: Service Stop | Medium | ||||||
|
|||||||||
Excessive API Call Patterns | Resource Development | T1071.001: Application Layer Protocol: Web Protocols | High | ||||||
|
|||||||||
Sensitive Data Extraction Attempts | Exfiltration | T1041: Exfiltration Over Command and Control Channel | Critical | ||||||
|
|||||||||
Model Exploitation via Fine-Tuning | Impact | T1203: Exploitation for Client Execution | Critical | ||||||
|
|||||||||
Unauthorized API Key Usage | Initial Access | T1078: Valid Accounts | High | ||||||
|
APIs and Their Scopes
Detections Name | API Required | Scope Required |
---|---|---|
Inappropriate Content Generation | GET /chat/logs/flagged GET /chat/prompts |
read:chat_logs read:prompts |
Manipulative Query Patterns | GET /chat/logs/user GET /chat/stats |
read:user_activity read:stats |
Anomalous Session Duration | GET /chat/sessions GET /chat/metrics |
read:sessions read:metrics |
Unusual User Behavior | GET /chat/user/activity GET /chat/usage |
read:user_activity read:usage |
Accessing Restricted Features | GET /features/access GET /user/roles |
read:features read:roles |
Automated Response Abuse | GET /chat/automated/queries GET /chat/alerts |
read:automated_queries read:alerts |
Excessive API Call Patterns | GET /api/usage GET /api/rate_limits |
read:api_usage read:rate_limits |
Sensitive Data Extraction Attempts | GET /data/export/logs GET /data/access |
read:data_exports read:data_access |
Model Exploitation via Fine-Tuning | GET /model/fine-tuning/requests GET /user/roles |
read:fine_tuning read:roles |
Unauthorized API Key Usage | GET /api/keys/logs GET /user/authentication |
read:api_keys read:authentication |
Reports and Widgets for CISO
Report Name | Widgets | Description |
---|---|---|
Unauthorized Access Report | Graph:Failed Login Attempts | Provides an overview of user login patterns, highlighting unusual or unauthorized access attempts. |
Map: Unusual Login Locations |
||
Content Violation Summary | Counter:Total Flagged Content | Summary of flagged inappropriate content generation. |
Pie Chart: Types of Violations |
||
API Usage Analytics | Line Chart:API Call Volume Over Time | Analysis of API usage patterns and potential abuse. |
List: Excessive Usage Alerts |
||
Sensitive Data Exposure Report | Counter: Detected Data Extractions | Incidents of sensitive data extraction attempts. |
Bar Chart: Data Types Exposed |
||
Automated Query Detection | Counter: Automated Queries Detected | Insights into potential abuse via automated scripts. |
Graph: Frequency of Automated Activity |
||
User Behavior Analytics | List: Anomalous User Behavior Events | Analysis of user interactions and anomalies. |
Gauge:Average Session Duration |
||
Fine-Tuning Activity Report | Counter: Fine-Tuning Requests | Overview of model fine-tuning requests and access. |
List: Unauthorized Access Attempts | ||
Compliance Status Report | Counter: Compliance Violations |
Summary of adherence to regulatory requirements. |
List: Audit Trail Summary | ||
Incident Response Overview | Bar Chart: Incidents Resolved vs. Outstanding |
Summary of incident response actions taken. |
Gauge: Average Response Time | ||
Risk Assessment Dashboard | Heat Map: Risk Levels |
High-level overview of security posture and risks. |
Progress Bar: Mitigation Progress |