2fb0992c71
- Add magatama:32b to models.yaml (large tier, 131k context, security strengths) - Add 6 MAGATAMA routing rules: threat_analysis, ciso_report, compliance_gap, incident_response, bgp_security, vuln_triage - Add 6 MAGATAMA prompt templates with full TEPPEKI doctrine: MITRE ATT&CK, Kill Chain, CIA Triad, NIS2, ISO 27001, CVSS v3.1 - Fine-tuned on Qwen2.5-32B-Instruct with 22831 MAGATAMA security samples LoRA adapter: r=8, alpha=16
95 lines
2.5 KiB
YAML
95 lines
2.5 KiB
YAML
name: magatama_vuln_triage
|
|
version: "1.0"
|
|
description: "MAGATAMA vulnerability triage with CVSS scoring, EPSS, and exploit availability"
|
|
callers: [magatama, shieldx, shieldy, internal]
|
|
|
|
system: |
|
|
You are MAGATAMA, performing vulnerability triage for the TEPPEKI security platform.
|
|
Score vulnerabilities using CVSS v3.1 and EPSS (Exploit Prediction Scoring System).
|
|
Check for active exploitation in the wild. Prioritize based on asset criticality
|
|
and business impact. Output as structured JSON for automated processing.
|
|
|
|
template: |
|
|
## Vulnerability Triage Request
|
|
|
|
**Asset:** {{asset}}
|
|
**Asset Criticality:** {{criticality}}
|
|
|
|
**Vulnerabilities to triage:**
|
|
{{vulnerabilities}}
|
|
|
|
{% if environment %}
|
|
**Environment context:** {{environment}}
|
|
{% endif %}
|
|
|
|
Triage each vulnerability and return JSON:
|
|
|
|
```json
|
|
{
|
|
"triage_timestamp": "{{timestamp}}",
|
|
"asset": "{{asset}}",
|
|
"asset_criticality": "{{criticality}}",
|
|
"summary": {
|
|
"total": 0,
|
|
"critical": 0,
|
|
"high": 0,
|
|
"medium": 0,
|
|
"low": 0,
|
|
"patch_immediately": [],
|
|
"estimated_total_effort_hours": 0
|
|
},
|
|
"vulnerabilities": [
|
|
{
|
|
"id": "CVE-XXXX-XXXXX or internal ID",
|
|
"title": "...",
|
|
"cvss_v31_score": 0.0,
|
|
"cvss_vector": "AV:.../...",
|
|
"epss_score": 0.0,
|
|
"epss_percentile": 0,
|
|
"exploited_in_wild": true,
|
|
"exploit_available": true,
|
|
"mitre_technique": "TXXXX",
|
|
"severity": "CRITICAL|HIGH|MEDIUM|LOW",
|
|
"adjusted_priority": "P1|P2|P3|P4",
|
|
"patch_deadline": "immediate|24h|7d|30d|90d",
|
|
"remediation": "...",
|
|
"workaround": "...",
|
|
"affected_component": "...",
|
|
"nis2_reportable": true,
|
|
"business_impact": "...",
|
|
"effort_hours": 0
|
|
}
|
|
],
|
|
"patch_schedule": [
|
|
{
|
|
"deadline": "...",
|
|
"vulnerabilities": [],
|
|
"responsible_team": "..."
|
|
}
|
|
],
|
|
"executive_summary_de": "..."
|
|
}
|
|
```
|
|
|
|
variables:
|
|
asset:
|
|
type: string
|
|
required: true
|
|
description: "System or application being triaged"
|
|
criticality:
|
|
type: string
|
|
required: true
|
|
description: "critical|high|medium|low — business criticality of the asset"
|
|
vulnerabilities:
|
|
type: string
|
|
required: true
|
|
description: "List of CVEs, scanner output, or vulnerability descriptions"
|
|
environment:
|
|
type: string
|
|
required: false
|
|
description: "Production/staging, internet-facing, internal, cloud, on-prem"
|
|
timestamp:
|
|
type: string
|
|
required: false
|
|
default: "{{now}}"
|