Prompt templates to document access audit logs

Here are several prompt templates tailored for generating or documenting access audit logs. These templates can be used in tools like ChatGPT, internal documentation systems, or log analysis platforms. They are designed to be clear, repeatable, and useful for both security auditing and compliance reporting.

1. Basic Access Log Entry

pgsql
CopyEdit
Document the access event for user {username} who accessed {resource_name} on {timestamp}. Include user role, access method, IP address, and action performed.

2. Suspicious Access Pattern

pgsql
CopyEdit
Generate a report of any anomalous access attempts by user {username} to {resource_name} from IP {ip_address} outside business hours (08:00–18:00) over the past {number_of_days} days.

3. Compliance-Oriented Access Report

pgsql
CopyEdit
Create an access log summary for {department/team} between {start_date} and {end_date}, highlighting resource accessed, time of access, user identity, and whether access was authorized under {policy_name}.

4. Privilege Escalation Attempt

pgsql
CopyEdit
Document a potential privilege escalation where user {username} attempted to access {resource_name} requiring higher privilege on {timestamp}. Include result, system response, and logged justification if available.

5. Detailed Audit Entry for Critical Systems

pgsql
CopyEdit
Create a detailed log of all user interactions with {critical_system_name} from {start_date} to {end_date}. For each entry, include: username, access level, action performed, timestamp, source IP, and authentication method.

6. Access Denied Attempts

pgsql
CopyEdit
List all access denied events for user {username} across all systems from {start_date} to {end_date}, including reasons for denial and the accessed resources.

7. Role-Based Access Overview

pgsql
CopyEdit
Generate a table showing access frequency to {resource_name} by role (Admin, Manager, Employee) from {start_date} to {end_date}. Include total successful and failed attempts per role.

8. Geo-Based Access Monitoring

pgsql
CopyEdit
Document access logs filtered by location for {resource_name} from users accessing from outside {expected_region} between {start_date} and {end_date}.

9. Audit Trail for Third-Party Integrations

pgsql
CopyEdit
Log and review all access events initiated by third-party integration {integration_name}, detailing timestamp, accessed endpoints, API tokens used, and access result (success/failure).

10. Inactive Accounts Audit

pgsql
CopyEdit
Identify and list user accounts that have not accessed any resource in the system for more than {number_of_days} days. Include last login date, account status, and assigned permissions.

11. Daily Access Summary Prompt

pgsql
CopyEdit
Summarize all access activity for {date} in the format: [Username] | [Resource Accessed] | [Timestamp] | [Access Result] | [Source IP]. Include both successful and failed attempts.

12. Incident Response Log Template

pgsql
CopyEdit
Document incident response for unauthorized access attempt on {resource_name} at {timestamp}. Include detection method, user account involved, access vector, mitigation steps taken, and incident closure status.

These prompt templates can be customized based on the environment (cloud, on-premise, SaaS), logging tools (Splunk, ELK, SIEM), or compliance standards (HIPAA, ISO 27001, SOC 2). Let me know if you want variations for a specific platform or regulation.