Prompts
Prompts are the primary way you instruct an agent on what to do. They are especially relevant for defining an agent’s roles and tasks, ensuring it knows what responsibilities to handle and how to approach them. Prompts are used throughout the Agent Builder to define roles, responsibilities, constraints, and tasks but not limited to these alone. A strong prompt provides clear, contextual, and actionable guidance, improving the agent’s accuracy, predictability, and relevance.-
Be clear and outcome-oriented: Prompts should state a specific objective and define what success looks like. For Example:
-
“Classify this alert using MITRE ATT&CK and assign an escalation tier based on IOC matches.”
-
“Handle alert.” (Too vague—what does handling involve?)
-
-
Provide operational context: Include details about vendors, inputs, and decision criteria. For Example:
- “Evaluate based on CrowdStrike telemetry and Okta logs.”
- “Use the
risk evaluationability (workflow) to determine the risk level.”
-
Avoid ambiguity: State conditions explicitly to reduce variability in agent behavior. For Example:
-
“Escalate only if
alert.priorityis ‘High’ and the asset is taggedproduction.” -
“Decide based on priority.” (Unclear what defines priority)
-
-
Use procedural, decision-oriented verbs: Start prompts with action words that align with decision-making, classification, or evaluation. For Example:
- “Classify the alert…”
- “Determine whether…”
- “Summarize the investigation…”
- “Evaluate the access request…”
-
Specify style and tone: Define how the agent should communicate: concise, technical, user-friendly, formal, etc. For Example:
- “Respond with a concise, technical summary suitable for a ticket.”
- “Summarize in plain language suitable for Slack.”
- “Use JSON format with clear field names and short justifications.”
- “Maintain a neutral and professional tone when declining access.”
Examples of Strong Prompts
Examples of Strong Prompts
| Prompt | Why It Works |
|---|---|
| “Classify the incoming alert using MITRE ATT&CK and tag it with tactic/technique IDs.” | Outcome is precise; uses a known framework. |
| “Determine whether to approve access based on risk score, department, and recent activity.” | Offers multi-dimensional logic. |
| “Summarize threat details, including affected systems, IOC matches, and remediation status.” | Clear structure expected in response. |
Examples of Weak Prompts
Examples of Weak Prompts
| Prompt | Issue |
|---|---|
| “Handle this alert.” | Too general—unclear what handling involves. |
| “Decide based on risk.” | Doesn’t define how risk is measured or which data is used. |
| “Check logs.” | No clarity on purpose or expected outcome. |
Writing Instructions for Roles & Responsibilities vs. Tasks
When writing Roles & Responsibilities keep in mind- Behavior is relevant across multiple workflows.
- You are defining a persistent capability or policy.
- You want to clarify what the agent is accountable for long-term.
- Roles & Responsibilities defines the agent’s core functional purpose (e.g., “access approver,” “alert triage”).
- You are instructing the agent for a specific decision or action.
- Workflow inputs require custom logic.
- You want temporary behavior overrides.
- Don’t repeat an agent’s general responsibilities inside every task.
- Tasks build on top of roles, think of them as execution-level instructions, not replacements for responsibilities.
| Aspect | Agent Roles & Constraints | Agent Tasks |
|---|---|---|
| Defined In | Agent Configuration | Workflow step |
| Scope | Broad, persistent function | Narrow, situational instruction |
| Granularity | General purpose (e.g., “triage alerts”) | Execution-specific (e.g., “classify alert if risk > 80”) |
| Reuse | Reused across workflows | Defined per workflow |
Agent Configuration
Defining Roles
Define the agent’s role within your environment, including its primary responsibilities and any operational constraints it should follow. This helps shape how the agent behaves and interacts with your systems.- Define responsibilities in business terms: Focus on what the agent is responsible for from an operational standpoint (e.g., “approves or denies privileged access requests based on risk”).
- Align with your security functions: Match responsibilities with real-world roles like “Access Reviewer,” “Alert Classifier,” or “Policy Auditor.”
- Keep the scope focused to simplify logic and maintenance.
- Avoid overloading: Limit the agent to a focused domain of responsibility to reduce complexity and promote maintainability.
Defining Roles Example
Defining Roles Example
You are a Security Analyst and an expert in phishing attacks and their detection.You are presented with a Case. Based on the given information and any additional information you can obtain, you must:
- Score the likelihood of the email or its contents (e.g., URLs, attachments) being a Phishing attack or Spam, on a scale of 0 to 100.
-
Explain your reasoning in three formats:
- Short: concise summary of findings.
- Long: detailed explanation of your analysis.
- HTML: structured report that clearly states the final verdict (e.g., Malicious / Spam / Phishing / Safe) and shows the malicious and spam scores.
- Scan all URLs in the email using “Agent Utility - PP URL Scan” (Ability)
- Review Perception Point scan results and consider all evidence, especially anything labeled as malicious.
- If a URL is found clean, use “Agent Utility - Get HTML URLs” (Ability) to extract URLs from the page, then scan any suspicious URLs found on that page.
- Enrich IP addresses to check for spam reports or other inconsistencies.
- Make sure the analysis is thorough and considers all available observables.
- Provide clear, structured, and actionable output in all requested formats.
Defining Constraints
- Outline what the agent should not do, by clearly defining any boundaries or constraints it must follow. This helps guide the agent’s behavior and ensures it operates within the intended limits of your environment.
Assigning Agent Abilities (Workflows)
Abilities determine what workflows an agent can access.- Follow least privilege: Grant only essential workflows.
- Validate: Use a clear and descriptive name for the workflow. Include a concise description of its purpose, and ensure all inputs and outputs are clearly defined and well-documented.
- Group by function: Align workflows to the agent’s domain (e.g., access control, alert triage).
Knowledge
- Use meaningful file names: Assign clear, descriptive names to each file based on its purpose or content. This makes it easier to manage documents and helps optimize query performance.
-
Guide the agent to use knowledge consistently- The agent may not always reference its available knowledge automatically. To ensure it does, include explicit instructions in the agent’s role definition.
- Example: “Always begin by querying knowledge before taking any action.”
- Reference specific document names in Instructions: When you want to refine results or control which sources are used, specify the document name directly in your instructions. This improves precision and reduces irrelevant responses.
Agent Tasks
Defining Tasks
Tasks describe the specific mission the agent must perform. They provide clear, actionable instructions based on a specific use case, for example a workflow’s logic and inputs. Unlike roles and responsibilities, which define what the agent is generally accountable for, tasks are precise and contextual.-
Be contextual and execution-specific: Frame the task around the specific use cases goal.
-
Good: “Evaluate if the user’s access to production servers is valid based on location, time, and group membership.”
-
Bad: “Review access.”
-
- Include all relevant inputs: Reference the data the agent should use in its decision-making (e.g., alert severity, source IP, user department).
- Use domain-specific language: Tailor the phrasing to your security or operational use case so the agent understands the terminology and logic.
- Keep the task narrowly scoped: One task = one decision, classification, or action. Break larger objectives into separate workflow steps if needed.
- Repeat critical instructions in the agent task (if essential) – LLMs prioritize the most recent input, so if certain guidance is crucial, it’s recommended to repeat it in the agent task, even if it’s already defined in roles or constraints, to ensure it’s followed.
- Avoid conflicting guidance across instructions- When multiple instructions contain overlapping or contradictory information, the LLM may become confused. It is important to ensure that the agent task’s instructions reinforces or restates key rules instead of assuming the model will recall or reconcile the instructions stated in the roles and constraints section.
Structuring Agent Outputs
To prevent using real data during testing, you can use the mock output feature. This allows you to simulate step results without consuming your tenant’s data quota.
- Define an output schema: Use consistent structures like JSON.
- Include metadata: Capture fields like
risk_level,decision_justification, orpolicy_violation. - Log identifiers: Include values like
ticket_id,incident_id, orrequestor.
JSON Output Format- Alert Mapping to MITRE ATT&CK Example
JSON Output Format- Alert Mapping to MITRE ATT&CK Example
Alert Mapping to MITRE ATT&CK
ThisJSON output example maps alert details to the MITRE ATT&CK framework, offering standardized fields like alert_name, alert_title, source, and severity. Most importantly, it includes a mitre_mapping field that ties observed behavior to known adversary tactics and techniques. This format helps analysts quickly understand the nature of the threat and align it with industry-recognized classifications for faster, more informed response.