THE PROMPT for Copilot for Security - Issue #14
THE PROMPT for Copilot for Security - Issue #14
Family Affair
My Prompts
Happy Friday everyone!
Thanks so much for your continued support of this community. I hope each week’s updates continue to provide you value. And if it does, please share this newsletter with your colleagues.
…
It’s been a couple weeks since we’ve been together. If you remember from the last newsletter issue, I was seeking to have my birthday wish fulfilled.
From last newsletter: If you’re not aware already, Lee Majors is a childhood hero who played Steve Austin on the Six Million Dollar Man TV show in the 1970’s. If you’ve ever read the Must Learn KQL learning series, you’re intimately aware of this because I use it as part of an example. It’s even a question on the Must Learn KQL assessment.
Here’s one result of this endeavor…
In the picture, that’s me on the left, my wife on the far right, and my youngest daughter (in the green hair) and - of course - Lee Majors right in the middle. My youngest daughter worked for a couple weeks on her Cosplay costume, which is some anime character I can’t remember. But it worked out so well, there were a bunch of attendees that asked to take selfies with her. We all had a great time. Lee was super nice, friendly, and even told a couple jokes.
…
What’s next? Microsoft Ignite!
If you’re attending Microsoft Ignite this year in Chicago in November (brrrrrr!), here’s some definite ways to find me.
2 Lab options:
Boost security and IT efficiency with Microsoft Security Copilot
* LAB462 Wednesday, November 20 4:00 PM - 5:15 PM Eastern Standard Time https://ignite.microsoft.com/en-US/sessions/LAB462* LAB462-R1 Thursday, November 21 9:30 AM - 10:45 AM Eastern Standard Time https://ignite.microsoft.com/en-US/sessions/LAB462-R1
1 Theater session:
Mastering custom plugins in Microsoft Security Copilot - https://ignite.microsoft.com/en-US/sessions/THR653
* THR653 Tuesday, November 19 12:15 PM - 12:45 PM Eastern Standard Time
These aren’t the only times you’ll be able to find me at Microsoft Ignite, but you’ll have to look harder otherwise. In addition to Security Copilot booth duty and the community areas, my Microsoft Security Insights Show cohosts and I will be hosting some impromptu community events.
…
That’s all from me for this week.
Talk soon.
-Rod
Community Prompts
Identity forensics with Copilot for Security Identity Analyst Plugin - This is a step-by-step guided walkthrough of how to use a custom KQL Copilot for Security plugin for Identity SOC and forensics use cases and how it helps in implementing a consistent security policy for every user, employee, frontline worker, customer, and partner as well as apps, devices, and workloads across multi-cloud and hybrid.
Security Copilot Usage Dashboard 2.0 Walkthrough - You may have (or may not) have seen news about the latest update to the Security Copilot Usage Dashboard. So, if not – there’s an update available for everyone that GA’d on October 25th that brings the Usage Dashboard some much needed and much requested features and brings the revision level for the dashboard to 2.0.
Security Copilot Workbook - I recently started building an Azure Monitor Workbook to help centralize all the things that can be monitored for Security Copilot. I think I’m finally at a point where I want to share it with all of you, to get your help building it better, bigger, and more eye-pleasing.
Audio/Visual Prompts
Collateral Prompts
KQL query that identifies Security Copilot portal logins through the SigninLogs table
News Prompts
Data retrieval POST operations for API plugins - Users can now harness data in plugins that utilize POST operations to get, retrieve, and list data for security investigations and enrichment.
Prompt of the Week
Use Defender Entra to provide a user risk assessment.
https://github.com/rod-trent/Copilot-for-Security/blob/main/Prompts/Plugins/Entra.md
