What is Copilot for Security?

Copilot for Security is an AI-powered solution designed to enhance cybersecurity management by providing natural language assistance for incident response, threat hunting, intelligence gathering, and posture management. It supports Microsoft security products and third-party plugins, offering context and guidance for security prompts through OpenAI architecture and Microsoft technologies to generate relevant and actionable responses. Accessible via standalone or embedded experiences, Copilot for Security integrates plugins for various security data sources and services like Defender XDR, Sentinel, Intune, and ServiceNow, streamlining security operations and decision-making processes.

Copilot for Security aims to make the following scenarios easier to manage:
  • Incident summarisation
    Get context for incidents and improve communication across your organisation by using generative AI to quickly condense complex security alerts into brief, actionable summaries, which then enable faster response times and streamlined decision-making.
  • Impact analysis
    Use AI-driven analytics to evaluate the potential impact of security incidents, providing insights into affected systems and data to prioritise response efforts effectively.
  • Reverse engineering of scripts
    Avoid the need to manually reverse engineer malware and enable every analyst to understand the actions executed by attackers. Analyse complex command line scripts and translate them into natural language with clear explanations of actions. Efficiently extract and link indicators found in the script to their respective entities in your environment.
  • Guided response
    Get actionable step-by-step guidance for incident response, including directions for triage, investigation, containment, and remediation. Relevant deep links to recommended actions allow for quicker response.

How does Copilot for Security work?

The Microsoft Copilot for Security capabilities can be accessed through a standalone immersive experience, or through intuitive embedded experiences available in other Microsoft security products. The underlying system that helps increase the efficiency and capabilities of defenders consists of the foundation language model and proprietary Microsoft technologies.

Microsoft security solutions such as Microsoft Defender XDR, Microsoft Sentinel and Microsoft Intune integrate seamlessly with Copilot for Security. There are also embedded experiences available in Microsoft security solutions that give access to Copilot for Security and its prompting capabilities in the context of an analyst's work within those solutions.

Plugins from Microsoft and third-party security products are a way of extending and integrating services with Copilot for Security. Plugins bring more context from event logs, alerts, incidents, and policies from both Microsoft security products and supported third-party solutions such as ServiceNow.

Copilot for Security also has access to threat intelligence and authoritative content through plugins. These plugins can search across Microsoft Defender Threat Intelligence articles and intel profiles, Microsoft Defender XDR threat analytics reports, and vulnerability disclosure publications, among others.

How much does Copilot for Security cost?

*correct at time of publication*

Explore the latest features and plugins available for Copilot for Security: 
  • May 2024
    Purview embedded experience: Answer data-related questions in natural language queries using Purview.

    CyberArk Privilege Cloud plugin: List and interact with privileged accounts data using natural language.

    DarkTrace plugin: Detect, investigate, and respond to threats across your digital ecosystem.

    Jamf Pro plugin: Access MDM data and facilitate collaboration between IT and Security teams.

    Red Canary plugin: Enhance your detection and response capabilities for endpoints, network, cloud, identities, and SaaS applications.

    SGNL.ai plugin: Understand and identify fine-grained access decisions and trends.

    Shodan plugin: Find and explore devices connected to the internet and their vulnerabilities. 

    ReversingLabs Spectra Intelligence plugin: Summarise complex file reputation and analysis reports for quicker triage and response.

  • June 2024
Azure Firewall plugin: Investigate malicious traffic from your firewalls using natural language questions.

    Azure Web Application Firewall plugin: Analyse Azure WAF events and related attack vectors using natural language responses.

    Defender External Attack Surface Management (EASM) natural language to EASM query: Query your attack surface using natural language questions.

    Defender EASM embedded experience: Use EASM skills within your EASM resource.

    AbuseIPDB plugin: Report and identify IP addresses associated with malicious activity online.

    Intel 471 plugin: Get automated and human intelligence on top-tier cybercriminals.

    Shodan InternetDB plugin: Enrich IP investigations with information on open ports, hostnames, vulnerabilities, and more. 

  • July 2024
Streaming of response: Responses are now streamed as they are generated, which significantly improves perceived latency because users can begin reading a response before it is complete, as in other Copilots.

Microsoft Defender Threat Intelligence - General Availability: Helps analysts deep dive into threat intelligence context based on sources such as Microsoft Defender Threat Intelligence, threat analytics, and detonation-based reputation information. The threat intelligence includes content such as articles and actor profiles, indicators of compromise, and impact to your organisation including related incidents, assets and recommendations for remediation.

  • August 2024
    You can now use Copilot in Microsoft Intune's device query page to help you craft KQL queries. Just use natural language to ask about a device in Microsoft Intune, and Copilot will generate a KQL query that you can run to get the answer.
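As an added illustration (not from the blog, and not an actual query produced by Copilot), this is the shape of KQL that a question such as "which devices are running PowerShell from a parent process I would not expect?" could be turned into in the Intune device query page. The `Process` table and the `Name`, `ProcessId`, `ParentProcessId` and `CommandLine` columns are assumptions about the device query schema, so check them against your tenant's schema before relying on the query; the allow-list of parent process names is a constructed example.

```kql
// Added example, not code from the blog or from Copilot.
// Assumed: the Intune device query "Process" table exposes Name, ProcessId,
// ParentProcessId and CommandLine. Verify against your tenant's schema.
Process
| where Name =~ "powershell.exe"
// Self-join so each PowerShell row is paired with its parent process's name
| join kind=inner (
    Process
    | project ParentProcessId = ProcessId, ParentName = Name
  ) on ParentProcessId
// Constructed allow-list of parents that normally launch PowerShell; tune per environment
| where ParentName !in~ ("explorer.exe", "cmd.exe", "services.exe")
| project Name, ProcessId, ParentName, CommandLine
```

The value of reviewing a generated query before running it is visible here: the allow-list and the join direction both encode assumptions that Copilot cannot know about your environment, so treat the generated KQL as a draft to be checked, not as an answer.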

Now try Copilot for Microsoft 365 or Copilot on the web to summarise this blog for you and pick out the key points.