Example Prompts
ℹ️ This page contains some example prompts to get you started with 'vibe security' :)
There are three main ways to communicate effectively with the agent: Unstructured Chat, Import Structured Information, Direct Commands via the instruction table. In most cases you will need the ID of the asset you want to work with which you can get by asking the agent directly.
Below you can find practical examples of how to use the agent.
➤ Asset Management
In the table below you can see the structured desciption of the expected communication with the agent. You can use free form variants of the 'Promp example(s)' below, similar to the way you chat with a traditional LLM.
⦿ Unstructured chat
These are simple interactions that will help you get started. Once you import more data, you can perform more complex interactions.
"Can you show me a list of all my assets?"
"Please list all existing assets in my system."
"I need details for asset ID 12345. Can you get that for me?"
"Show me the information you have on asset UUID abcdef-67890."
"I'd like to update asset 12345. Change the hostname to 'new-hostname' and update the description please."
"Please update the IP address and description for asset 67890."
"Delete asset 54321 permanently from the system."
"What are the criticality levels available for assets?"
"Can you list all the options I can set for asset properties?"
⦿ Prompts Table
Action
Prompt Example(s)
Notes
List all existing assets
list all assets
show me my assets
Retrieves the full list of assets.
Get details of a specific asset
get asset details for [Asset ID]
show me asset [Asset UUID]
Replace [Asset ID]/[Asset UUID] with the actual identifier.
Update an existing asset
update asset [Asset ID] (then specify fields like name, hostname, IP, description)
Requires specifying which fields to update.
Delete an asset
delete asset [Asset ID]
Irreversible action—removes asset permanently.
List asset criticality levels
list asset criticality levels
Shows available criticality classifications (e.g., High, Medium, Low).
List available property options
list asset property options
Displays allowable values for asset properties/fields.
To create a new asset with a promt you will need to follow the scheme below. It can be structured as a sentence eg. 'Please create a new asset for my side server which is very critical for my operation. IP is xx.xx.xx.xx....', but it will reply with missing information request for additional details.
{
"name": "create a new asset",
"data": {
"name": "unique asset name",
"hostname": "unique hostname",
"ip_address": "unique IP address",
"risk_owner_id": "unique risk owner ID",
"description": "optional description",
"criticality": "optional criticality",
"environment": "optional environment",
"infrastructure": "optional infrastructure",
"exposed": "optional status (true/false)"
}
} ➤ Project management
⦿ Unstructured Chat
"Can you list all my current projects?"
"Show me a list of all projects I’m managing."
"I want details for project ID 98765. Can you get that?"
"Please show me project with UUID xyz-12345."
"Update project 98765. Change the status to 'in progress' and update the execution end date."
"Make changes to project 54321 by updating the owner and adding a description."
"Delete project 12345 permanently from the system."
"List OWASP checklists for project 98765 on the web platform."
"Show me details for OWASP check 456 for project 98765."
"Update the OWASP check 456 for project 98765 to ‘pass’ and add a comment: 'Remediation completed'.
⦿ Prompts Table
Action
Prompt Example(s)
Notes
List all existing projects
list all projects
show me my projects
Retrieves the full list of projects.
Get details of a specific project
get project details for [Project ID]
show me project [Project UUID]
Replace [Project ID]/[Project UUID] with the actual identifier.
Update an existing project
update project [Project ID] (then specify the fields to change)
Requires specifying which fields to update.
Delete a project
delete project [Project ID]
Irreversible action—permanently removes the project.
List OWASP checklists for a project
list OWASP checklists for project [Project ID] for platform [web/android/ios]
Retrieves OWASP checklist items for the given project and platform.
Get details of a specific OWASP check
get OWASP check [Check ID] for project [Project ID]
Replace [Check ID] and [Project ID] with actual identifiers.
Update a specific OWASP check
update OWASP check [Check ID] for project [Project ID] (then specify status: none/failed/pass, + comment)
Allows changing check status and adding an optional comment.
Similar to creating any asset on the platform, you will need to provide some data via a structured prompt or fill in the details after the request message of the agent.
{
"name": "create a new project",
"data": {
"name": "unique project name",
"type": "project type",
"status": "project status",
"execution_start_date": "YYYY-MM-DD",
"execution_end_date": "YYYY-MM-DD",
"infrastructure": "project infrastructure",
"owner_id": "unique owner ID"
}
}➤ Vulnerability Management
⦿ Unstructured Chat
"Can you list all the vulnerabilities in the system?"
"Show me all current vulnerabilities, please."
"List vulnerabilities for project 24680."
"Can you show me the vulnerabilities linked to project 13579?"
"I need details on vulnerability ID 112233. Can you get that for me?"
"Show me vulnerability UUID abcd-5678-efgh."
"Update vulnerability 112233. Change the status to 'in progress' and update the description."
"Please update the severity level and remediation steps for vulnerability 445566."
"Delete vulnerability 778899 from the records permanently."
"I'd like to add a comment to vulnerability 112233: 'Awaiting patch from vendor.'"
"Add this note to vulnerability 123456: 'Verified as a false positive after retesting.'"
"Can you list all comments for vulnerability 112233?"
"Show me the comment history for vulnerability 654321."
"List all current Time-to-Resolve configurations for vulnerabilities."
"Can you show the TTR settings for each vulnerability impact level?"
"Create a new TTR configuration: set critical to 3 days, high to 7 days, medium to 14 days, low to 30 days, and none to 90 days."
"I want to define Time-to-Resolve: 2 days for critical, 5 for high, 10 for medium, 20 for low, and 60 for none."
⦿ Prompts Table
Action
Prompt Example(s)
Notes
List all vulnerabilities
list all vulnerabilities
Retrieves the full list of vulnerabilities across all projects.
List vulnerabilities for a specific project
list vulnerabilities for project [Project ID]
Shows vulnerabilities tied to a specific project.
Get details of a specific vulnerability
get vulnerability [Vulnerability ID]
show me vulnerability [Vulnerability UUID]
Replace [Vulnerability ID] with the actual identifier.
Update an existing vulnerability
update vulnerability [Vulnerability ID] (then specify fields to change)
Requires specifying which fields to update (e.g., severity, description).
Delete a vulnerability
delete vulnerability [Vulnerability ID]
Irreversible action—removes vulnerability permanently.
Add a comment to a vulnerability
add comment to vulnerability [Vulnerability ID] (then provide your comment text)
Attaches notes or context to a given vulnerability.
List comments for a vulnerability
list comments for vulnerability [Vulnerability ID]
Displays all comments associated with that vulnerability.
List vulnerability TTR configurations
list TTR configurations
Shows current Time-to-Resolve thresholds by impact level.
Create a vulnerability TTR configuration
create a TTR configuration (then specify days for critical, high, medium, low, none)
Defines resolution deadlines per severity level.
Use the schema below to create a new vulnerability manually.
{
"name": "create a new vulnerability for project [Project ID]",
"data": {
"name": "vulnerability name",
"impact": "none, low, medium, high, critical",
"status": "open, in_progress, deleted, remediated, closed",
"risk_owner_id": "risk owner ID",
"asset_id": "asset ID"
}
}➤ Attack Surface Management
⦿ Chat
"Can you list all my monitored assets?"
"Show me all the ASM assets I’m currently monitoring."
"I want to create a new monitored asset. The hostname is 'myserver.example.com' and the IP address is 192.0.2.10."
"Please add a new monitored asset with hostname 'api.example.com' and IP 203.0.113.15."
"Get domain information for example.com."
"Can you get domain information for secure.example.com with SSL details included?"
"Show me host information for IP 10.0.0.25."
"Get the details for the host at IP address 198.51.100.5."
"Give me information about the Attack Surface Management module."
"Can you provide details on the ASM module?"
"List all the ports that ASM can identify."
"Show me all the identifiable ports through ASM."
"List all the protocols that ASM can recognize."
"What network protocols are detectable by ASM?"
⦿ Prompts Table
Action
Command Prompt(s)
Notes
List all monitored assets
list all monitored assets
show me my ASM assets
Retrieves the list of assets currently monitored by ASM.
Create a new monitored asset
create a new monitored asset (then provide hostname and IP address)
Adds a new asset into ASM monitoring.
Get domain information
get domain information for [Domain Name]
get domain information for [Domain Name] with SSL details
Provides domain details, with optional SSL certificate details.
Get host information by IP
get host information for IP [IP Address]
Returns details about the specified host.
Get ASM module information
get Attack Surface Management module information
Displays information about the ASM module itself.
List all identifiable ports by ASM
list all ASM ports
Lists all ports ASM can identify and monitor.
List all identifiable protocols by ASM
list all ASM protocols
Lists all network protocols ASM recognizes.
Although you can import manually, we recommend just adding a list of the IPs and let the agent handle the rest of the information gathering.
➤ Web Application Scanning (currently Qualys)
Use the full capabilities of the Qualys scanners via direct prompting.
⦿ Chat
"Can you list all of my Qualys web applications?"
"Show me all the web apps currently registered in Qualys."
"Get details for Qualys web application ID 123abc."
"Show me information on the web application with ID qa-456def."
"I want to create a new Qualys web application. The name is 'Customer Portal', the URL is https://customer.example.com, and the risk owner ID is r12345."
"Please create a new web application in Qualys called 'Inventory System' at https://inventory.example.com, ownership ID o67890."
"Update Qualys web application 789xyz to use the new URL https://portal.example.com."
"Change the name of Qualys web application abc123 to 'Sales Dashboard.'"
"Delete Qualys web application 987lmn. I understand this action is permanent."
"Remove the web app with Qualys ID 321qrs from the list permanently."
"List all the web application scans performed by Qualys."
"Can you show me the history of my Qualys web application scans?"
"Get details for Qualys web application scan scan-111aaa."
"Show scan results for Qualys scan ID 222bbb."
"Run a Qualys web application scan named 'Quarterly Audit' for project ID p678 and web application ID app-123."
"Please start a new web app scan in Qualys. Call it 'Security Checkup,' use project pq-999 and app ac-8888."
"Cancel the running Qualys web application scan 333ccc."
"Stop the current scan with Qualys scan ID 444ddd."
"Delete Qualys web application scan 555eee permanently."
"Remove web application scan ID 666fff from Qualys. I understand this can’t be undone."
We advocate for scanning third-party infrastructure only after receiving explicit approval from the owner of the assets.
⦿ Prompts Table
Action
Command Prompt(s)
Notes
List all web applications
list all Qualys web applications
Retrieves the full list of registered Qualys web applications.
Get details of a specific web application
get Qualys web application [Web Application ID]
Replace [Web Application ID] with the actual identifier.
Create a new web application
create a new Qualys web application (provide name, URL, and risk owner ID)
Requires DNS TXT record verification after creation.
Update an existing web application
update Qualys web application [Web Application ID] (specify new name or URL)
Allows updating basic details of the web application.
Delete a web application
delete Qualys web application [Web Application ID]
Irreversible action—removes the web app entirely.
List all web application scans
list all Qualys web application scans
Shows all scans performed by Qualys for web apps.
Get details of a specific scan
get Qualys web application scan [Scan ID]
Replace [Scan ID] with the actual scan identifier.
Run a new web application scan
run a Qualys web application scan (provide scan name, project ID, web application ID)
Executes a new scan based on the specified app.
Cancel a running web application scan
cancel Qualys web application scan [Scan ID]
Stops a scan that is currently running.
Delete a web application scan
delete Qualys web application scan [Scan ID]
Irreversible action—permanently deletes scan data/results.
In most cases you will not be importing scans, but in the case you do.
{
"name": "create a new scan",
"data": {
"name": "scan name",
"project_id": "project UUID",
"webApp": "web application ID"
}
}➤ Endpoint Security (Wazuh)
Monitors devices like computers and servers, detecting threats, vulnerabilities, and suspicious activity using a deployed endpoint agent (not AI).
The Wazuh endpoint implementation allows monitoring only. The Wazuh agent is not AI and doesnt perform actions outside of the scope of the Kikimora interface.
⦿ Chat
"Can you list all my endpoint agents?"
"Show me all the agents, including both active and disconnected ones."
"List only the currently active agents in my environment."
"Please show only the disconnected agent endpoints."
"Get the agent deployment command for Windows."
"How do I deploy an agent on a Linux server? Please provide the command."
"List the File Integrity Monitoring details for agent ID 101abc."
"Can you show FIM details for agent 202def?"
"Show me all the Windows Registry entries for agent ID win-agent-99."
"List Windows registries for agent win-001."
"List all installed packages on agent 303ghi."
"Show me the software packages installed on agent 404jkl."
"List all network interfaces for agent 505mno."
"What are the network interfaces on agent 606pqr?"
"List all open ports on agent 707stu."
"Show me the open network ports for agent 808vwx."
"List the hardening policy assessment results for agent 909yz."
"Can you show policy results for agent 010aaa?"
"List preset policy with ID preset-12 for agent ID 101abc."
"Show details for preset policy preset-34 on agent 202def."
"List all the policy presets that are available for hardening assessments."
"Can you show me all predefined policy templates?"
"Create a new policy preset called 'Strict Security.' Use base wrapper policy ID bwp-55 and add checks c1, c2, c3."
"I want to make a custom policy preset named 'Minimal Access' with base policy base-21 and checks c7, c8, c9."
"List all software that is approved for my endpoints."
"Can you show me the approved software list?"
"Add 'Google Chrome' to the approved software list. It should be matched by name and version."
"Please add 'Slack' as approved software and match only by software name."
⦿ Prompts Table
Action
Command Prompts(s)
Notes
List all agents
list all agents
show me my endpoints
(you can specify active or disconnected)
Retrieves agents, filtered by state if specified.
Get agent deployment command
get the agent deployment command for [Operating System]
Replace [Operating System] (e.g., Windows, Linux, macOS).
List File Integrity Monitoring (FIM) details
list FIM details for agent [Agent ID]
Displays FIM data for a given agent.
List Windows Registry entries
list Windows registries for agent [Agent ID]
Available only for Windows agents.
List installed packages
list installed packages on agent [Agent ID]
Shows installed software packages.
List network interfaces
list network interfaces for agent [Agent ID]
Displays interfaces (IP, MAC, etc.).
List open ports
list open ports on agent [Agent ID]
Shows ports currently open on the system.
List hardening assessment policy results
list policy results for agent [Agent ID]
Returns overall assessment results.
List specific preset policy checks
list preset policy [Policy ID] for agent [Agent ID]
Shows details of a given hardening policy preset on the agent.
List all available hardening assessment presets
list all policy presets
Displays all predefined hardening policies.
Create a new custom policy preset
create a new policy preset (provide name, base wrapper policy ID, and comma-separated check IDs)
Allows building a custom hardening policy template.
List approved software
list approved software
Shows software whitelisted/approved.
Add approved software
add approved software (provide software name + rule: comparable by name/version)
Adds new software to the approved list.
Installing an endpoint agent requires access and administrative rights.
Last updated