Skip to content

Universal Report Analysis Prompt – Technical Overview

Introduction

The Universal AI Report Summary Prompt is designed to automatically generate concise, insightful, and audit-ready summaries for any self-contained report from 12Port platform. It is fully adaptive, detecting available fields and dynamically producing meaningful statistics, top lists, and anomaly insights without requiring prior knowledge of the report structure.

This prompt is suitable for administrators, auditors, and security teams who need actionable insights from reports, regardless of the type or complexity of the data.

Note

This page documents the use cases, requirements and constraints of the default prompt named Generate a Universal Summary. However, the information provided on this page can be used or referenced when writing your own custom prompts.

Prompt Overview

The solution consists of two main components:

System Prompt

The system prompt provides context and instructions to the AI. Its purpose is to:

  • Define the AI's role as a data analyst and security auditor.
  • Explain that the report is self-contained and should be analyzed independently.
  • Instruct the AI to dynamically detect fields, adapt analysis to available data, and highlight anomalies or security-relevant events.
  • Specify that the output should be plain text, readable, and organized for administrative or audit purposes.

Key Features:

  • Adaptive field detection and classification (numeric, categorical, timestamps).
  • Dynamic selection of meaningful statistics.
  • Emphasis on security-relevant insights.
  • Graceful handling of missing or incomplete data.

User Prompt

The user prompt provides the AI with the actual report data and detailed instructions for analysis.

Key Instructions Include:

  1. Field Detection – Automatically identify all columns and their types.

  2. Overall Summary – Total events, unique users/accounts/resources, and unique event types.

  3. Event/Outcome Analysis – Counts, percentages, distributions, success/failure rates, or privileged actions if applicable.

  4. Time-Based Analysis – Earliest/latest events, peak activity periods, and session durations (if timestamps exist).

  5. Top Entities – Top users, assets, actions, or events based on frequency.

  6. Anomalies & Points of Interest – Highlight unusual activity or patterns indicating potential security risk.

  7. Percentages & Ratios – Include meaningful statistics relative to total counts.

  8. Presentation – Narrative summary followed by detailed statistics; sections omitted if not relevant to the report.

Inputs

Report data is included automatically at runtime. These input requirements are provided for informational purposes only.

  • Report Data:
    • Any self-contained report from the 12Port platform.
    • Structured CSV data.
    • May include users, accounts, systems, resources, actions, timestamps, outcomes, or other event metadata.

Outputs

The AI produces a plain-text summary containing:

  1. Narrative Summary: Key insights and high-level overview.

  2. Overall Statistics: Total events, unique entities, counts, and distributions.

  3. Event/Action Analysis: Frequencies, percentages, top actions or event types.

  4. Time-Based Insights: Peak activity periods, earliest/latest events, session metrics.

  5. Top Entities: Top users, assets, or actions by frequency.

  6. Anomalies/Highlights: Potential security risks or unusual patterns.

  7. Percentages & Ratios: Meaningful ratios for context.

Example Output Structure:

Summary:
- Total events: 1,254
- Unique users: 45
- Unique systems: 12

Event Type Distribution:
- Login: 40%
- File Access: 35%
- Privilege Escalation: 25%

Top Users:
1. userA – 125 events
2. userB – 110 events

Time-Based Insights:
- Earliest event: 2026-01-01 08:03
- Peak activity: 14:00 – 15:00

Anomalies:
- userC performed unusually high privilege escalations
- 12 failed login attempts detected

Ratios:
- Privileged actions: 25% of total events
- Failed actions: 5% of total events

Summary

The Universal AI Report Summary Prompt is a flexible, adaptive solution for extracting actionable insights from any single report. By dynamically detecting available fields and tailoring the analysis to the data present, it ensures administrators and auditors receive:

  • Quick, high-level summaries.
  • Detailed statistics, distributions, and top lists.
  • Anomalies and security-relevant patterns.

This approach simplifies report review, enhances audit readiness, and provides meaningful insights without creating individual prompts for each report type.