My Prompts
Welcome back everyone! Welcome to our 3rd issue.
The newsletter is off to a great start and the membership continues to build steadily. Thanks to all of you who have been here since the beginning and welcome to all the first timers. I hope this effort continues to provide you value and enables you to build a solid foundation of learning for Microsoft’s GenAI security tool. If any of that ever changes, let me know right away. Hit me up on Twitter/X or LinkedIn.
…
I started this particular newsletter as a bi-weekly effort and I think, so far, bi-weekly is hitting the right spot. However, that doesn’t mean it won’t be pushed to weekly sometime in the future.
In the interim, if you’re looking to stay engaged and build your learning about Copilot for Security more quickly, there are over 3,500 of your most experienced, most interested, and most engaged peers in the Copilot for Security community group on LinkedIn:
…
Lastly, I’m not sure if you’re aware, but I deliver a “Copilot for Security Prompt of the Day” that gets proliferated across various platforms. These prompts are valid and verified and supply some great ideas on creating your own prompts.
Except for a week away speaking at a conference, I’ve been doing this every day since April 16th, so that’s a bunch of prompt examples.
The prompts themselves and the daily prompt posts are maintained in two places, so you can go back and review the ones you missed (or review them all if you missed them all):
The prompts are available to copy/paste from the Prompt Library on my Copilot for Security GitHub repository: https://aka.ms/CfSPromptLibrary
The daily posts are stored in the Notes section of my personal blog:
I hope you find these useful.
…
Talk soon.
-Rod
Community Prompts
Exploring Copilot for Security to Automate Incident Triage - When speaking with Copilot for Security customers, automation is often brought up as a topic of exploration. Customers are eager to extend their existing SOAR investments or workflows to include Copilot because they recognize the capabilities this new technology brings and believe it has the potential to further increase productivity.
UPDATED: Copilot for Security Activity All-in-One Custom Plugin - Now includes failed logins to the Copilot for Security service.
Updates to Security Admin permissions for Microsoft Copilot for Security - Starting in late June 2024, Security Admins will have expanded authority to control whether Microsoft security products can access Microsoft 365 customer data. Within Microsoft Copilot for Security, the purpose of this is to allow users to query information directly from those M365 products in the standalone and embedded experiences.
The Definitive Guide to KQL Custom Plugin for Copilot for Security - Imagine sitting and reading The Definitive Guide to KQL from Microsoft Press; you see one of the many KQL samples provided in the book and want to test the query in your own environment. You know that the book comes with its own GitHub repository, and even though the repo is organized to match the book chapters, you’ll still need to do some manual searching to locate the query. This is where The Definitive Guide to KQL from Microsoft Press plugin comes into play.
Using KustoFree with Copilot for Security - Using the free Azure Data Explorer cluster, affectionately known as KustoFree, you can upload/ingest data that can be used in Copilot for Security using a Custom Plugin.
Using a non-Sentinel Log Analytics Workspace with Copilot for Security - This tidbit is for those who are not Microsoft Sentinel customers (they really do exist) but would still like to take advantage of the many logs available in Azure to expand Copilot for Security’s knowledge.
Copilot for Security Plugins: The Importance of Vetted Data Sources - The KQL externaldata operator is a powerful tool for accessing data that exists outside of (external to) the tenant where the query is being run. This enables organizations to bring together data from both local and external sources.
Scheduling the Provisioning of Capacity (SCUs) for Copilot for Security - Logic App Template - Recently I created a custom ARM Template for deploying a Logic App that allows you to create, update, or delete the capacity for Copilot for Security at certain times of day. The template is here. In this article my objective is to show how to use the template.
Preparing for Microsoft Copilot for Security - Planet Technologies - Microsoft Copilot for Security is a revolutionary tool that helps increase the efficiency and capabilities of defenders and your security measures. It is a generative AI-powered solution that uses advanced algorithms and machine learning to provide insights, recommendations, and proactive measures to improve your security posture. However, it is important to note, while Microsoft Copilot for Security aids in enhancing security, it does not replace the need for a comprehensive security strategy, which should include robust policies, user education, and regular audits.
Microsoft Copilot for Security: Everything You Need to Know - Microsoft Copilot for Security is an innovative component of the Microsoft security product portfolio. It is essentially engineered to redefine the management of security incidents. This solution is deeply integrated with Microsoft 365, offering a sophisticated AI-powered platform to cybersecurity professionals. It simplifies the complex landscape of cybersecurity by automating threat detection, analysis, and response processes.
Using IP-API with Copilot for Security - The API is a simple one. You literally just submit the IP address and IP-API.com returns the data.
Accelerate cloud security risk remediation with Microsoft Copilot for Security - With Copilot in Defender for Cloud, security teams can efficiently identify critical risks across their multicloud environments and developer pipelines and streamline remediation efforts to make the most impact on their security posture.
Azure Firewall integration in Copilot for Security: protect networks at machine speed with Gen AI - The Azure Firewall integration in Copilot for Security helps analysts perform detailed investigations of the malicious traffic intercepted by the IDPS feature of their firewalls across their entire fleet using natural language questions in the Copilot for Security standalone experience.
What’s New? – Security Copilot Azure Logic App Connector - This blog post delves into the Copilot for Security Logic App connector. We'll explore how it facilitates the integration of Copilot's AI capabilities into existing workflows, revolutionizing automated security processes.
Event Prompts
Secure AI Briefing: Protect at the Speed and Scale of AI - Join us at a Microsoft Technology Center for this limited series to learn about the power of Microsoft Copilot for Security and Tanium Converged Endpoint Management (XEM) to help protect more within your organization. Join us from 9:00 AM - 12:00 PM local time at a city near you!
Atlanta, GA: June 4th
Toronto, ON: June 12th
Irvine, CA: June 13th
Audio/Visual Prompts
Collateral Prompts
FailedSignins.kql - Failed signins to the CfS service exposing user, reason, and other necessary information.
Custom Prompts (related)
Accelerating identity threat detection and response with GenAI - Red Canary - Process flows that combine GenAI agents with human experts can save time on investigations and reduce drudgery in the security operations center (SOC).
Partner Prompts
Microsoft Copilot for Security Design - Managed Sentinel - We’re excited to continue our series of succinct visual guides with the release of our one-page diagram for Microsoft’s Copilot for Security – poised to revolutionize how Security Operations Center (SOC) analysts handle and analyze security events. With the ability to interpret complex, interrelated security events, generate sharp KQL scripts, integrate enrichments from both Microsoft and third-party sources, and tailor incident summaries for specific audiences, Copilot for Security’s capabilities are only limited by the user’s ingenuity in prompting the system and discerning the most pertinent information for a given situation.
Understanding and Applying Vector Databases to Supercharge your SOC with AI & Copilot for Security - Security Risk Advisors - A vector database is a relatively new type of database specifically designed to power AI search: it provides natural language searching and the ability to quickly and accurately retrieve relevant information from within large bodies of text, all without requiring exact matches. In reality, this technology isn’t that new; it’s probably been driving your favorite search engine for years!
Building a Copilot for Security Custom NetFlow Plugin - Security Risk Advisors - We preach data-centric SOC architecture, meaning we use Azure Data Explorer as a fully-hot complete log storage solution for any-and-all logs. We use this in conjunction with Azure Sentinel to store logs we might want much further down the road, such as endpoint telemetry, and we keep all this data hot and searchable.
News Prompts
SGNL Joins Microsoft for Startups Pegasus Program - SGNL, the modern solution to privileged identity management, has joined Microsoft for Startups Pegasus Program. The two-year program helps drive sales and accelerate growth for SGNL.
Prompt of the Week
How can I better secure the following code?
https://github.com/rod-trent/Copilot-for-Security/blob/main/Prompts/Plugins/General.md
In the example, I use Copilot for Security's ability to reverse engineer a script to give me recommendations on how to better secure the code.