My Prompts
Welcome back everyone and I hope you have a happy Friday after a fruitful and rewarding week.
Feedback about THE PROMPT has been fantastic and this community continues to grow at an accelerated rate. This truly shows the level of interest in Copilot for Security and utilizing Generative AI for security uses. But let’s not keep all this goodness to ourselves.
Please share the content of this newsletter and the newsletter itself with someone who needs to know about it. Together, let’s build the best community possible.
…
I’ve been under the weather for the last week. If you remember, from previous newsletter issues, my family spent some time in Ohio Amish country recently and, as relaxing and renewing as it was, I seemed to have caught some sort of cold bug. Over my lengthy career, I’ve rarely taken sick time off work, but this one was serious enough to actually shut down and rest. As of this newsletter delivery, I’m finally emerging and feeling good enough to dig into what I’ve missed.
I say that to say this… If I did not respond as quickly as normal this past week or if I did not respond at all, that’s why and I promise I’ll get around to making things right.
…
I DID A THING.
Lastly, I wanted to drop a note about a fiction book of mine that has recently been fully published. Sword of the Shattered Kingdoms: Ancient Crystal of Eldoria is a fantasy novel in the vein of Robert E. Howard.
It may not be your thing at all, but I suspect many that read here may be interested.
It’s currently available in paperback, Kindle/eBook, and Audio book. Amazon's Kindle Unlimited members can read it for free.
Paperback: https://amzn.to/3ztECgT
eBook/Kindle: https://amzn.to/4ckE0ci
Audio book: https://play.google.com/store/audiobooks/details/Rod_Trent_Sword_of_the_Shattered_Kingdoms?id=AQAAAEDSjwLPwM
This story lays the groundwork for the series. Additional locations for the audiobook are on the way.
Additionally, there’s an exclusive free chapter available for download: https://github.com/rod-trent/SSK/tree/main/Free_Chapter
With the July 4th weekend coming next week, this will be a great way to leave work at work and stretch your brain in new ways.
…
That’s it from me for this week. I hope your weekend and week ahead is a good one.
Talk soon.
-Rod
Community Prompts
CISO's Guide: Using Copilot For Security Insights & Guidance - As a prominent organization’s Chief Information Security Officer (CISO), you safeguard sensitive data and mitigate cyber threats. To address these challenges effectively, you implemented Copilot for Security, an advanced AI assistant that provides insights and guidance.
How to build a Copilot for Security API Plugin – Part 2 - In part-1 of this series, we discussed building an API plugin using a single GET call. In this article, we expand on Part-I and look at building API plugins that make more advanced GET calls using parameters. If you have not read part-I, we encourage you to do so first, as several parts in this article assume familiarity with the code and other details that were mentioned in part-I. In this blog, we will only discuss API plugins and more information on the other types of Copilot plugins can be found here.
UPDATED: Copilot for Security Activity All-in-One Custom Plugin - June 18, 2024 - Added the ability to show who has failed MFA authentication to the Standalone experience.
Copilot for Security: Chaining Plugins with Use - There’s also another reason why the word ‘use’ is powerful in prompting. In the case of Copilot for Security, if you know the specific plugin that you want to use, you can direct Copilot for Security to use it explicitly.
Copilot for Security Plugins: Update versus Replace - In the Copilot for Security standalone experience, there are two options for a plugin: Edit file and Delete.
Copilot for Security Public URL Tip for JavaScript Pages - If you’ve used the public web feature for Copilot for Security very much, you’ve probably run into limitations when attempting to utilize public sites and pages that use JavaScript.
Creating Better Prompts for a Security Assistant - Prompts are short messages that guide, remind, or persuade users to take specific actions or make informed decisions related to cybersecurity. In this article, we will discuss how to create better prompts for a security assistant that involve focusing on key areas of cybersecurity.
Event Prompts
Copilot for Security - 11 July, 2024 | 1:00 PM - 1:30 PM (UTC-04:00) Eastern Time (US & Canada)
Audio/Visual Prompts
Collateral Prompts
//Failed MFA authentication against the CfS Standalone experience.
SigninLogs
| where TimeGenerated >= ago(24h)
| where AppDisplayName == "Medeina Portal"
| where ResultType == "50074"
| extend city = LocationDetails.city
| extend state = LocationDetails.state
| extend region = LocationDetails.countryOrRegion
| extend latitude = parse_json(tostring(LocationDetails.geoCoordinates)).latitude
| extend longitude = parse_json(tostring(LocationDetails.geoCoordinates)).longitude
| project UserDisplayName, UserPrincipalName, UserType, city, state, region, latitude, longitude, AADTenantId
Partner Prompts
News Prompts
Copilot for Security TI Embedded Experience in Defender XDR is now GA - The Microsoft Defender Threat Intelligence (MDTI) and Defender XDR teams are pleased to announce that the Copilot for Security threat intelligence embedded experience in the Defender XDR portal is now generally available. As of today, Defender XDR customers will see a handy AI-powered sidecar in the Threat Analytics, intel profiles, intel explorer, and intel projects tabs in the threat intelligence blade (in brackets below), which returns, contextualizes, and summarizes intelligence from across MDTI and Threat Analytics about threat actors, threat tooling, and indicators of compromise (IoCs) related to their vulnerabilities and security incidents.
Product Updates…
Azure Firewall plugin: This new plugin helps analysts perform detailed investigations of the malicious traffic intercepted by the IDPS feature of their firewalls across their entire fleet using natural language questions.
Azure Web Application Firewall: This new plugin enables deep investigation of Azure WAF events. It can help analysts investigate the logs generated by Azure WAF in a matter of minutes and provide related attack vectors using natural language responses at machine speed.
Microsoft Defender External Attack Surface Management (Defender EASM) natural language to EASM query: This new skill allows you to query your attack surface using natural language.
Defender EASM: This new experience allows you to leverage Defender EASM skills within your Defender EASM resource.
AbuseIPDB plugin: This new plugin helps make the Web safer by providing a central repository for webmasters, system administrators, and other interested parties to report and identify IP addresses that have been associated with malicious activity online.
Intel 471 plugin: This new plugin provides ongoing automated collection, local human intelligence reporting, and high-fidelity alerting of top-tier cybercriminals.
Shodan InternetDB plugin: This new plugin uses Shodan's free InternetDB to enrich IP investigations. Retrieve IP information on open ports, hostnames, and vulnerabilities.
Prompt of the Week
Prompt: Evaluate the security implications of using outdated software and dependencies in a corporate environment.
https://github.com/rod-trent/Copilot-for-Security/blob/main/Prompts/Plugins/MDTI.md
Since April 2024, I’ve been posting “Copilot for Security Prompts of the Day.” To catch up on the ones you missed, they are all stored HERE.