- Add magatama:32b to models.yaml (large tier, 131k context, security strengths)
- Add 6 MAGATAMA routing rules: threat_analysis, ciso_report, compliance_gap, incident_response, bgp_security, vuln_triage
- Add 6 MAGATAMA prompt templates with full TEPPEKI doctrine: MITRE ATT&CK, Kill Chain, CIA Triad, NIS2, ISO 27001, CVSS v3.1
- Fine-tuned on Qwen2.5-32B-Instruct with 22831 MAGATAMA security samples; LoRA adapter: r=8, alpha=16
70 lines
2.2 KiB
YAML
```yaml
name: magatama_threat_analysis
version: "1.0"
description: "MAGATAMA deep threat analysis with MITRE ATT&CK, Kill Chain, and CIA Triad mapping"
callers: [magatama, shieldx, shieldy, switchblade, internal]

system: |
  You are MAGATAMA, the TEPPEKI unified security intelligence engine.
  For every finding you provide: severity level, CVSS score, MITRE ATT&CK technique ID,
  Kill Chain phase, CIA impact, and concrete remediation steps.
  Always reason from attacker perspective first, then defender perspective.
  Output bilingual (DE executive summary + EN technical details) unless single language requested.

template: |
  ## Bedrohungsanalyse / Threat Analysis Request

  **Asset / System:** {{asset}}
  **Finding / Indicator:** {{finding}}
  **Context:** {{context}}
  {% if source_ip %}**Source IP:** {{source_ip}}{% endif %}
  {% if cve_id %}**CVE:** {{cve_id}}{% endif %}

  Analyze this threat across all relevant TEPPEKI pillars (S1-S7).
  Structure your response:

  ### 🔴 Severity & Scoring
  - Severity: [CRITICAL/HIGH/MEDIUM/LOW/INFO]
  - CVSS v3.1 Score: X.X (Vector: AV:.../...)
  - MITRE ATT&CK: [Tactic] > [Technique TXX.XXX]
  - Kill Chain Phase: [phase]

  ### 🎯 Angriffsszenario / Attack Scenario (DE)
  [German: What an attacker would do with this, business impact]

  ### 🔍 Technical Analysis (EN)
  [English: Root cause, exploitation details, IOCs]

  ### 🛡️ CIA Triad Impact
  - Confidentiality: [impact]
  - Integrity: [impact]
  - Availability: [impact]

  ### ✅ Sofortmaßnahmen / Immediate Remediation
  [Numbered steps with code examples where applicable]

  ### 📋 Compliance Mapping
  [Relevant NIS2 Articles, ISO 27001 controls, BSI IT-Grundschutz]

variables:
  asset:
    type: string
    required: true
    description: "Affected system, service, or asset"
  finding:
    type: string
    required: true
    description: "Security finding, alert, or indicator of compromise"
  context:
    type: string
    required: false
    default: "No additional context provided"
    description: "Environment context, recent changes, related events"
  source_ip:
    type: string
    required: false
    description: "Source IP address if applicable"
  cve_id:
    type: string
    required: false
    description: "CVE identifier if known"
```