Why Prompt Engineering Matters
The same model will give you dramatically different results depending on how you phrase your request. Prompt engineering is the practice of structuring your input to get consistently useful output.
Be Specific
Vague prompts get vague answers. Instead of “summarize this log,” try “summarize this Apache access log and identify any requests that look like directory traversal attempts.”
Role Prompting
Tell the model what role to play. This sets the tone, vocabulary, and focus of the response.
Example:
“You are a senior SOC analyst. Review the following alert and determine if it warrants escalation.”
Chain of Thought
Ask the model to think step by step before giving a final answer. This improves accuracy on complex tasks.
Example:
“Think through this step by step before giving your final recommendation.”
Few-Shot Examples
Show the model what good output looks like by providing examples before your actual request.
Example:
“Here are two examples of how I want IOCs formatted: [example 1], [example 2]. Now format these IOCs the same way: [your data]”
Negative Constraints
Tell the model what NOT to do.
Example:
“Do not include any CVEs older than 2023. Do not speculate — only include confirmed findings.”
Specify Output Format
If you need JSON, a table, or bullet points — ask for it explicitly.
Example:
“Return your findings as a JSON array with fields: indicator, type, confidence, and notes.”
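An added example, not part of the original page: it assembles a prompt from the role, few-shot, negative-constraint and output-format techniques above, then checks that a reply really is a JSON array with the four requested fields. The function names `build_prompt` and `parse_findings`, the prompt wording other than the phrases quoted on this page, and the sample reply are assumptions made for illustration.

```python
import json
import re

# Field names come from the page's format request; everything else is assumed.
REQUIRED_FIELDS = {"indicator", "type", "confidence", "notes"}
FORMAT_SPEC = ("Return your findings as a JSON array with fields: "
               "indicator, type, confidence, and notes.")

def build_prompt(role, task, examples, constraints, data):
    """Combine role, few-shot examples, negative constraints and format spec."""
    parts = [f"You are {role}.", task]
    if examples:
        parts.append("Here are examples of how I want findings formatted:")
        parts += [json.dumps(example) for example in examples]
    parts += [f"Do not {c}." for c in constraints]
    parts += [FORMAT_SPEC, "Data:", data]
    return "\n".join(parts)

def parse_findings(reply):
    """Return the findings list, or raise ValueError saying what to fix."""
    # Replies often wrap the JSON in a Markdown fence or a sentence,
    # so take the span from the first '[' to the last ']'.
    match = re.search(r"\[.*\]", reply, re.DOTALL)
    if match is None:
        raise ValueError("reply contains no JSON array")
    try:
        items = json.loads(match.group(0))
    except json.JSONDecodeError as exc:
        raise ValueError(f"array is not valid JSON: {exc}") from exc
    for i, item in enumerate(items):
        if not isinstance(item, dict) or set(item) != REQUIRED_FIELDS:
            raise ValueError(f"item {i} must have exactly {sorted(REQUIRED_FIELDS)}")
    return items

# Constructed sample reply (not real model output), wrapped in a Markdown fence.
FENCE = "`" * 3
SAMPLE_REPLY = (
    f"Here are the findings:\n{FENCE}json\n"
    '[{"indicator": "198.51.100.7", "type": "ipv4", "confidence": "high", '
    '"notes": "repeated ../ sequences in request path"}]\n' + FENCE
)

if __name__ == "__main__":
    print(build_prompt("a senior SOC analyst", "Review this Apache access log.",
                       [], ["speculate"], "<log lines here>"))
    print(parse_findings(SAMPLE_REPLY))
```

The `ValueError` message names what was wrong with the reply, so it can be pasted into the next prompt as a correction.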
Iterate
Your first prompt is rarely your best. Treat prompting like debugging — refine based on the output you get.