Security Copilot Training

By Ashwin Venugopal -

 






Security Copilot Customer Connection Program (CCP)

This program allows the users to stay updated with Security Copilot. Its members generally have access to:
  1. The latest technical product information and access to private previews.
  2. Free weekly technical trainings and product skilling webinars. 
  3. A teams community to discuss with Security Copilot product experts and engineers.

What's new in Microsoft Security Copilot?

Security Copilot is regularly improvised. Some of its latest releases are:
  • Security Copilot Adoption hub- General Availability
Type: New feature
Experience: Standalone

Access useful links of training, videos, GitHub, repository for sample plugins, and other technical readiness information. 
  • Persona-based prompt library- Public preview
Type: Change
Experience: Standalone

This standalone portal landing page has been redesigned with the goal of making Security Copilot's current features more visible to users and facilitating a quicker start. The "blank page problem" can be solved, users can discover what it can do, and they won't have to worry about crafting the perfect prompt thanks to the library of suggested initial prompts. 

  • Usage dashboard- General Availability

Type: Change
Experience: Standalone

This feature helps in drilling down of the data on the dashboard's bar graph via the filtering capability on the side filter. This contrasts with the previous version's static bar graph, which showed the total number of hourly units consumed continuously regardless of the search parameters used. Moreover, the exportable excel sheet displays SCUs as numbers, making it easier for analysts to work directly with the consumption statistics in Excel.

  • Microsoft Entra- Public preview

Type: New feature
Experience: Embedded

In the Microsoft Entra Admin Centre, users can interact directly with Security Copilot. In addition to helping with troubleshooting chores like resolving identity-related threats and sign-in issues, identity administrators also benefit from AI-driven, natural language summaries of identity context and insights.

  • Aviatrix- Public preview

Type: New feature
Experience: Standalone

Together, Microsoft Security Copilot and Aviatrix have developed an AI-enabled plugin that enables the users to use Microsoft Defender Threat Intelligence with Aviatrix to identify emerging threats and counter them by enforcing firewall policies.
  • CheckPhish- Public preview
Type: New feature
Experience: Standalone

This plugin enables the users to scan URLs for possible phishing attacks, tech support scams, cryptojacking, and other security issues.

  • Quest- Public preview

Type: New feature
Experience: Standalone

An Active Directory security tool called Quest Security Guardian was created to lessen your attack surface. Security Guardian prioritizes your most exploitable vulnerabilities and Active Directory configurations that require attention, reducing alert fatigue from a streamlined, unified workspace.

  • RBAC- General Availability

Type: Changed
Experience: Standalone

The default contributor role enabled for new tenants will be the suggested roles. It will eliminate the need for Security Administrators to add each user to the contributor role separately, enabling users who are part of these app-specific roles (like Microsoft Intune and Microsoft Entra) to access Security Copilot. It will be impossible for the users who are not part of these groups to gain unauthorized access.

  • Non-Microsoft plugin updates- General Availability

Type: Changed
Experience: Standalone

Currently, over 15 non-Microsoft plugins are widely accessible. Customers of Security Copilot can now take advantage of features of their preferred security solutions. 

The above items are some of the examples of the available modifications.

Conclusion

This page provides some information about Security Copilot's latest releases, known issues, and applicable changes in near-future.







































Comments

Post a Comment

Popular posts from this blog

Deployment (Part 3)

By Ashwin Venugopal -
Image
  To read part 1, please click  here To read part 2, please click  here Microsoft Monitoring Agent (MMA) MMA is used across multiple Microsoft solutions and has undergone a few name changes as its features and functionality have evolved. If it is being considered to be used, then following areas should be covered during a Microsoft Sentinel deployment project: Consider the timelines and the strategy for a migration to AMA (Azure Monitor Agent) before the MMA end-of-life.  Consider the central deployment and management methodology for MMA. Determine which endpoints are in scope for deployment as these affect the log ingestion volume significantly.  Azure Monitor Agent (AMA) Organizations with MMA as the main Microsoft Sentinel agent should start planning the migration to AMA as soon as possible to avoid a rushed migration. One of the main advantages of AMA is the ability to control the log collection policy centrally and apply different policies against different...
Read more

Deployment (Part 2)

By Ashwin Venugopal -
Image
  To read part 1, please click  here To read part 3, please click  here Microsoft Sentinel Content Hub Content in Microsoft Sentinel includes any of the following types: Data connectors offer log ingestion from different sources into Microsoft Sentinel. Parsers give log formatting/transformation into ASIM formats, supporting usage across various Microsoft Sentinel content types and scenarios. Workbooks provide monitoring, visualization, and interactively with data in Microsoft Sentinel, highlighting meaningful insights for users.  Analytics rules give alerts that point to relevant SOC actions via incidents.  Hunting Queries are used by SOC teams to proactively hunt for threats in Microsoft Sentinel. Notebooks help SOC teams in using advanced hunting features in Jupyter and Azure Notebooks. Watchlists support the ingestion of specific data for enhanced threat detection and reduced alert fatigue.  Playbooks and Azure Logic Apps Custom Connectors provide featu...
Read more

Deployment (Part 1)

By Ashwin Venugopal -
Image
  To read part 2, please click  here To read part 3, please click  here Azure Resources Microsoft Sentinel needs following resources to be created: Subscription (if a dedicated subscription(s) will be used) Resource group(s) Log Analytics workspace(s) Automation rules/playbook Alert rules Workbooks Microsoft Sentinel offers hundreds of alert rules, workbooks, and automation playbook templates along with hunting scripts. The templates can be used to activate/deploy schedule alerts, create customized dashboards, create automation playbooks and perform threat-hunting activities. Generally, once deployed, the resources created have to be adjusted to match the existing environment, configure local credentials, etc. Methods of deployment: Manual- Administrator can manually configures the Microsoft Sentinel resources with the help of Azure portal. Any manual process has the inherent risks of human operator error, lack of compliance with potential change control procedures, and u...
Read more