AI Events Report Analysis Prompt – Technical Overview
Overview
The AI Events Report Analysis Prompt is designed to enable automated analysis of 12Port audit logs (Events Reports) using AI. This functionality provides system administrators, security analysts, and auditors with actionable insights, statistical summaries, and anomaly detection without requiring manual review of large volumes of log data.
By leveraging this prompt, users can generate text-based statistics that highlight usage patterns, potential risks, compliance metrics, and operational efficiency of privileged accounts. The output is structured in a readable, categorized format suitable for reporting, auditing, and decision-making purposes.
Note
This page documents the use cases, requirements and constraints of the default prompt named "Generate a summary of this Events report". However, the information provided on this page can be used or referenced when writing your own custom prompts.
Purpose and Intent
The purpose of this prompt is to:
- Automate Audit Log Analysis: Quickly parse raw CSV Events Report data to extract meaningful metrics and patterns.
- Identify Risk and Compliance Issues: Detect unusual access patterns, high-risk events, policy violations, and potential insider threats.
- Provide Actionable Insights: Deliver observations that help administrators and auditors make informed decisions regarding account usage.
- Enable Text-Based Reporting: Produce all statistics and summaries in structured text format, suitable for inclusion in reports or dashboards without the need for visualizations.
Expected Input
Report data is included automatically at runtime. These input requirements are provided for informational purposes only.
The prompt requires the following input:
- CSV Data: The raw Events Report data, exported as CSV.
- Required Columns: The CSV should include, at minimum, the following fields:
  - Timestamp of the event
  - User ID or username
  - Privileged account accessed
  - Event type (e.g., login, logout, command execution)
  - Event outcome (success, failure)
  - Role or group (if applicable)
  - System or resource accessed
The CSV can contain additional fields, which the AI will incorporate where relevant.
Expected Output
The AI generates a structured text report divided into the following categories:
- User Activity Metrics – Summaries of user behavior, event counts, and frequency.
- Account and Role Usage – Insights into which accounts and roles are most accessed.
- Event Type Distribution – Counts and percentages of event types and outcomes.
- Temporal Patterns – Analysis of activity trends by hour, day, or week.
- Risk and Anomaly Detection – Highlighting unusual behavior, potential policy violations, and high-risk events.
- Compliance Metrics – Segregation-of-duties issues, approval adherence, and audit coverage.
- Event Severity Analysis – Classification and counts of low and high-risk events.
- Correlation and Cross-Analysis – Relationships between users, accounts, and systems.
- Operational Efficiency Metrics – Session duration, idle time, and automation ratios.
- Predictive and Trend Insights – Forecasts of risk or unusual activity based on historical patterns.
- Aggregated Summaries – Total events, unique users, and overall distributions.
- AI-Generated Insights – Optional observations highlighting unusual or actionable patterns.
Format:
- Plain text, with clear headings and subheadings.
- Lists, counts, averages, percentages, and top/bottom N rankings where relevant.
- Highlighted notes for anomalies, unusual patterns, and potential risks.
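Added example, not part of the 12Port product or its documentation: a deterministic baseline computed from the same CSV, so the counts reported under Event Type Distribution and Aggregated Summaries can be checked against exact figures. The column header names and the sample rows are assumptions constructed for illustration; this page lists the required fields but not their exact headers.

```python
import csv
import io
from collections import Counter

# Hypothetical header names: the page lists the required fields but not
# the exact column headers used in an Events Report export.
REQUIRED = ["timestamp", "user", "account", "event_type", "outcome", "resource"]

# Constructed sample rows for illustration, not real report output.
SAMPLE_CSV = """timestamp,user,account,event_type,outcome,role,resource
2024-05-01T08:02:11Z,alice,root,login,success,admins,db01
2024-05-01T08:15:40Z,alice,root,command execution,success,admins,db01
2024-05-01T23:41:05Z,bob,svc-backup,login,failure,operators,fs02
2024-05-01T23:41:19Z,bob,svc-backup,login,failure,operators,fs02
2024-05-01T23:42:02Z,bob,svc-backup,login,success,operators,fs02
2024-05-02T09:00:00Z,carol,root,logout,success,admins,db01
"""

def baseline(csv_text, required=REQUIRED):
    """Return exact counts to compare with the AI-generated summary."""
    reader = csv.reader(io.StringIO(csv_text))
    headers = [h.strip().lower() for h in next(reader, [])]
    missing = [c for c in required if c not in headers]
    if missing:
        raise ValueError(f"missing required columns: {missing}")
    rows, malformed = [], 0
    for raw in reader:
        if not raw:
            continue  # skip blank lines
        if len(raw) != len(headers):
            malformed += 1  # wrong field count: report it, do not guess
            continue
        rows.append(dict(zip(headers, (v.strip() for v in raw))))
    total = len(rows)
    types = Counter(r["event_type"].lower() for r in rows)
    failures = Counter(r["user"] for r in rows if r["outcome"].lower() == "failure")
    return {
        "total_events": total,
        "unique_users": len({r["user"] for r in rows}),
        # event type -> (count, percentage of all events)
        "event_types": {t: (n, round(100 * n / total, 1)) for t, n in types.items()},
        "failures_by_user": dict(failures),
        # rows with an empty required field limit what the analysis can say
        "incomplete_rows": sum(any(not r[c] for c in required) for r in rows),
        "malformed_rows": malformed,
    }

if __name__ == "__main__":
    for key, value in baseline(SAMPLE_CSV).items():
        print(f"{key}: {value}")
```

A mismatch between these figures and the generated report is a reason to re-run or review the summary before it is retained as audit evidence.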
Notes and Best Practices
The AI will only analyze data present in the CSV; it does not access external logs or historical records.
Users can optionally configure the prompt to focus on specific time periods, high-risk events, or compliance concerns by modifying the user instructions.
Consistency and Predictability
The prompt is designed to generate consistent output across reports, even when:
- Event volume differs significantly
- Certain event types are missing
- CSV schemas vary between systems or connectors
This consistency makes the output suitable for:
- Repeated manual review
- Automated downstream processing
- Long-term audit retention
Limitations
- The analysis reflects only what was recorded. Non-recorded events cannot be reconstructed or inferred.
- Risk indicators are session-internal and should be interpreted as guidance for review, not as definitive judgments.
- The output is descriptive and analytical, not prescriptive or enforcement-oriented.
Summary
This prompt provides a scalable, automated method for turning raw audit log data into meaningful insights, helping organizations improve security and maintain compliance.