My Prompts
Happy Friday all! I hope everyone is well and ready to dig into more Copilot for Security goodness.
Before I leave you with the newsletter, here are a few things to highlight.
…
The next season of the AI Tour is gearing up, so if you're able to join us when it heads your way this fall, I want to personally invite you. This round there’s an actual Copilot for Security session that will be lots of fun, so I’ll be on hand to meet you in person. This session won’t be delivered for every single tour date due to venue restrictions, but for those where it is, I hope to see you there.
The schedule for the AI Tour is still being finalized, but you can sign up to be notified when the schedule gets posted publicly.
Sign up to be notified by email here: https://info.microsoft.com/AI-Tour-Corp_Interest-form.html
And, if you’re interested in what the Copilot for Security session might look like, I’m already starting to build out the demo files. You can find those here: https://aka.ms/CfSAITour
…
For those that are new to this community, this will be new information. But for those who have been here along the way, this is a good reminder.
The Copilot for Security Prompt Library sees right around 4,500 visits a week and is updated daily. Built for Copilot for Security, many of these prompts can be used anywhere and represent proper techniques of prompt engineering.
CfS Prompt Library: https://aka.ms/CfSPromptLibrary
This is a GitHub repository, so you can choose to fork it or follow it to stay informed when new things are posted.
…
Celebrate!
Last week, the Copilot for Security community group on LinkedIn surpassed 4,000 members! That’s amazing!
Come join your peers to learn and keep up to date on Microsoft's modern defense intelligence.
Not a member? Join us here: https://www.linkedin.com/groups/14345161/
…
That’s it from me for this week.
Talk soon.
-Rod
Community Prompts
Using Microsoft Graph as a Microsoft Copilot for Security Plugin with Delegated Access - Microsoft Copilot for Security (Copilot) is a large language model (LLM) based generative Artificial Intelligence (AI) system for cybersecurity use cases. Copilot is not a monolithic system but is an ecosystem running on a platform that allows data requests from multiple sources using a unique plugin mechanism. The plugin mechanism gives Copilot the capability to pull data from any external data source as long as it supports a REST API, thus allowing Copilot to make Graph API calls.
Tip: Using KQL Request Templates for Copilot for Security - When Generative AI became the new hotness, those with and without KQL skills salivated: “I’ll never have to learn KQL again!” was the pervading cry of joy. And, then when Copilot for Security was released with the Natural Language to KQL (NL2KQL) capability, it seemed like the vision of never having to learn KQL to generate KQL was a super solid bet.
Turning a KQL Request Template into a Copilot for Security Promptbook - By supplying the following, using the “prompt variables” when creating a new Promptbook, you can shortcut the operation and enable this repeatable prompt template for anyone in your security organization.
How do I apply Zero Trust principles to Microsoft Copilot for Security? - To apply Zero Trust principles to your environment for Microsoft Copilot for Security, you need to apply five layers of protection:
Protect admin and SecOps staff user accounts with identity and access policies.
Apply least privilege access to admin and SecOps staff user accounts, including assigning the minimum user account roles.
Manage and protect admin and SecOps staff devices.
Deploy or validate your threat protection.
Secure access to third-party security products that you integrate with Copilot for Security.
Use Copilot for Security to Convert Yara Rules - Did you know that you can use Copilot for Security to convert rules from other sources to KQL that Microsoft products can use? Here’s an example.
Use Copilot for Security to Get Workarounds for the Global CrowdStrike Outage - If you’re not yet aware, there’s a massive global outage caused by a CrowdStrike update. If you have systems that are affected by this outage, you can use the Copilot for Security public URL technique to get a good summary of workarounds for resolving it.
Generating Markdown with Copilot for Security - Many organizations utilize GitHub for more than just applications. Some use it for corporate documentation around policies and other things. Copilot for Security also provides the capability to generate responses in Markdown language, perfect for storing on GitHub.
UPDATE - Intune plugin in Copilot for security (Public Preview) - If your organization utilizes Microsoft Intune within the same tenant as Copilot for Security, you can leverage Copilot to glean valuable insights from your Intune data.
Tip: Copilot for Security Promptbook for Public URL - I’ve been digging deeper into Promptbooks recently as a way to normalize the things I do and make prompts repeatable. Plus, as I do demos for customers and audiences, it helps to have a set of demo prompts that are easy to find in the Promptbook library.
Event Prompts
Morten and I with the first session of the week! On Monday, October 21, at MMS Flamingo Edition, Morten Waltorp Knudsen [MVP] and I will be talking about "Enhancing Threat Hunting Efficiency with Copilot for Security."
Register to attend today!
Audio/Visual Prompts
The Copilot for Security YouTube Playlist
https://www.youtube.com/playlist?list=PLmAptfqzxVEW6hqgkKT_a4LNnBQm4omQq
Partner Prompts
Microsoft Copilot for Security Design - Managed Sentinel - We’re excited to continue our series of succinct visual guides with the release of our one-page diagram for Microsoft’s Copilot for Security – poised to revolutionize how Security Operations Center (SOC) analysts handle and analyze security events.
Building Graph API Custom Plugins for Copilot for Security - As we explored the capabilities of Copilot for Security, we discovered that while the native plugins offer access to a vast array of data, they didn't cover everything we needed for some of our specific use cases and promptbooks. For instance, we wanted detailed insights into Conditional Access policies from Entra ID, Intune policies, Secure Score, and more. Although Microsoft continues to enhance the native plugins by adding new skills, we opted to develop our own custom plugins. By leveraging the integration with the Microsoft Graph API, we can immediately provide our customers with additional value and tailored solutions.
Prompt of the Week
Tell Copilot for Security to format its responses in Markdown language.
Prompt: Discuss how threat modeling helps identify potential security risks early in the development lifecycle. Supply the response in Markdown code. Use Markdown H1 header for the response title.
Grab the prompt from the Prompt Library: https://github.com/rod-trent/Copilot-for-Security/blob/main/Prompts/Plugins/General.md
See the Markdown example: https://github.com/rod-trent/Copilot-for-Security/blob/main/Other/Markdown/Test_Markdown.md