Exercise 6 - Your Aura is PurpleAI

Slide 6 of 6

• We are going to use PurpleAI to search the data


• In the console, navigate to PurpleAI:
  • Enter the following prompt "Show me okta logins from jake.thompson@securatech.com over the last 10 days"
  • Verify that you have events returned
  • Now, enter this prompt "Can you break down by location?"
  • View results
  • Enter the next prompt "Group by region" and view results
  • Continue with the following prompt, "What are the unique IP addresses used for Okta logins by jake.thompson@securatech.com?"
  • After reviewing the results, use the next prompt "Can you list the devices used for Okta logins by jake.thompson@securatech.com?"
  • Let's continue to dig deeper with the following prompt "show me mfa challenge failed logs in okta over 36 hours"
  • How can we fine tune the next search, "Were there any successes?"
  • Hmmm, where else can we look "in Microsoft O365 logs what files were accessed by jake.thompson@securatech.com"
  • And finally "Can you write a report now for the incident?"
  • You can copy and paste this into your email body and send as needed
In this exercise, you will use PurpleAI to dig deeper into these logs.