Posts

Microsoft Copilot in Microsoft Defender

  Microsoft Copilot Integration in Microsoft Defender Microsoft Security Copilot helps security teams respond to attacks more quickly and efficiently by combining the power of AI with human expertise. The Microsoft Defender portal incorporates Security Copilot to give security teams better tools to look into and address incidents, find threats, and defend their company with pertinent threat intelligence. Users who have been granted access to Security Copilot can use Copilot in Defender.  Key Features Investigate and respond to incidents like an expert- Give security teams the tools they need to quickly and accurately handle attack investigations. Copilot assists teams in quickly comprehending attacks, analyzing suspicious files and scripts, and evaluating as well as implementing the necessary mitigation to halt and contain attacks.  Summarize incidents quickly- While navigating an incident's page, Copilot automatically creates a summary of the attack, which includes impor...

Security Copilot with Microsoft Sentinel

  Introduction Microsoft Security Copilot is a platform that assists in protecting an organization at scale and machine speed. The extensive security data from Microsoft Sentinel is a great resource for Copilot to use when analyzing incidents and creating hunting queries.  Microsoft Sentinel incidents and data, when combined with other Security Copilot sources, give a broader understanding of threats as well as context.  Security Copilot Integration with Microsoft Sentinel This integration primarily supports the standalone experience accessed via https://securitycopilot.microsoft.com, where interaction is done in a chat-like experience to summarize incidents and get other answers about security data.  Key Features Microsoft Sentinel data integrates with Security Copilot in the following two ways: In Microsoft's unified security operations platform, Copilot in Microsoft Defender XDR benefits from unified incidents integrated with Microsoft Sentinel. In the standalone experience, ...

Azure Web Application Firewall Integration in Microsoft Copilot for Security (preview)

  About A cloud-based artificial intelligence platform called Microsoft Copilot for Security offers a Copilot experience in natural language. In a variety of situations, such as incident response, threat hunting, and intelligence collection, it can assist security professionals.  Deep analysis of Azure Web Application Firewall (WAF) events is made possible by Microsoft Copilot for Security's integration with Azure WAF. In just a few minutes, it can assist in examining the WAF logs generated when Azure WAF rules are triggered and offer relevant attack vectors through machine-speed natural language responses. It gives insight into the threat landscape of the environment. It enables one to find the most offending IP addresses in an environment and obtain a list of the WAF rules that are most frequently triggered.  Both Azure WAF on Azure Application Gateway and Azure WAF on Azure Front Door support Microsoft Copilot for Security integration.  Key Features The preview standalone experi...

Azure Firewall Integration in Microsoft Security Copilot (preview)

  Introduction A generative AI-powered security solution called Security Copilot helps security professionals become more effective and capable of enhancing security outcomes at machine speed and scale. It supports security professionals in end-to-end scenarios like incident response, threat hunting, intelligence gathering, and posture management by offering an assistive copilot experience in natural language. Security Copilot Integration in Azure Firewall Azure Firewall is an intelligent network firewall security service that is cloud-native and offers the best threat protection for your Azure cloud workloads. It is a fully stateful firewall as a service that offers unlimited cloud scalability and built-in high availability.  Security Copilot's Azure Firewall integration enables analysts to use natural language queries to conduct in-depth analyses of the malicious traffic that their firewall's IDPS feature intercepted across their whole fleet. This integration can be used in ...

Azure AI Search plugin in Microsoft Security Copilot (Preview)

  Introduction Azure AI Search is a service for reliably searching, extracting, and understanding content at scale. It is typically used to search for documents, data surveys, and chat-style Copilot apps over proprietary data. Indexing and querying are Azure AI Search's two main workloads. Indexing loads the content into the search engine and makes it searchable, while querying searches the content in the index. By connecting to one of the Azure AI Search indexes from within Copilot, the Microsoft Security Copilot integration for Azure lets Copilot use the indexed content to produce contextualized, pertinent, and targeted responses.  Requirement Before using the Azure AI Search plugin in Copilot, the desired Azure AI Search index to connect to Copilot is configured as follows: The text field must be searchable.  The title field must be filterable. The vector-field must use text-embedding-ada-002. Integrated vectorization can be used to set up an index in t...

Manage plugins in Microsoft Security Copilot

  About Security Copilot has many preinstalled plugins available for Microsoft security services and other commonly used services as well as websites. However, custom plugins can also be added.  Manage Plugins There are two ways to configure the plugins on a list: Turn Plugins On or Off- Copilot uses active Microsoft plugins to access security-related data through on-behalf-of authentication. However, if a plugin needs its own authentication configuration, it authenticates itself rather than on one's behalf. The four categories of plugin sources are Microsoft, Non-Microsoft, Websites, and Custom. Decide which plugins to use. Service toggles can be turned on or off to use Security Copilot as a data source.  Choose the Security Copilot sources icon. Select the desired plugin by turning the toggle on or off. Inaccessible custom plugins won't appear, whereas preinstalled inaccessible plugins will indicate they are Restricted. Personalize Plugin Settings- Personalize Security Copil...

Plugins overview Microsoft Security Copilot

  Introduction Security Copilot supports a number of non-Microsoft plugins and has a large number of default plugins. Adding or developing your own plugin is another way to increase Security Copilot's functionality. Developers and users can create plugins on the Security Copilot platform that can be used to carry out specific tasks.  Preinstalled Plugins Learn how to use the plugins safely so that, when Security Copilot responds to commands, it can be used to gather information or take action. Any plugin can be used according to the services a company uses.  Click on the plugin button to see which plugins Security Copilot can use. Check for the plugins that are toggled on. Security Copilot can automatically use the available plugins without any extra setup.  Microsoft Plugins Security Copilot grants access to additional Microsoft services that are already available for a company via the on-behalf-of authentication flow. Some of them are as follows: Azure AI Searc...