Azure Firewall integration in Copilot for Security: protect networks at machine speed with Gen AI
Published May 21 2024 09:00 AM 722 Views
Microsoft

Figure 1: How Copilot for Security works with the Azure Firewall pluginFigure 1: How Copilot for Security works with the Azure Firewall plugin

The Azure Firewall integration in Copilot for Security helps analysts perform detailed investigations of the malicious traffic intercepted by the IDPS feature of their firewalls across their entire fleet using natural language questions in the Copilot for Security standalone experience.

 

Figure 2: The Azure Firewall plugin enabled in the Copilot for Security standalone experienceFigure 2: The Azure Firewall plugin enabled in the Copilot for Security standalone experience

These capabilities are now in public preview:

 

Figure 3: The four Azure Firewall capabilities in Public PreviewFigure 3: The four Azure Firewall capabilities in Public Preview

 

  • Retrieve the top IDPS signature hits for an Azure Firewall: Get log information about the traffic intercepted by the IDPS feature instead of constructing KQL queries manually.
  • Enrich the threat profile of an IDPS signature beyond log information: Get additional details to enrich the threat information/profile of an IDPS signature instead of compiling it yourself manually. The Microsoft Defender Threat Intelligence plugin is another source that Copilot may use to provide threat intelligence for IDPS signatures.
  • Look for a given IDPS signature across your tenant, subscription, or resource group: Perform a fleet-wide search (over any scope) for a threat across all your Firewalls instead of searching for the threat manually.
  • Generate recommendations to secure your environment using Azure Firewall's IDPS feature: Get information from documentation about using Azure Firewall's IDPS feature to secure your environment instead of having to look up this information manually. Copilot may also use the Ask Microsoft Documentation capability to provide this information.

 

These capabilities were announced at RSA and are available in public preview at Build. Take a look at this blog to learn more about the user journey and value that Copilot can deliver: Bringing generative AI to Azure network security with new Microsoft Copilot integrationsLearn more in our documentation and this other Tech Community blog about these capabilities and how to access them in Microsoft Copilot for Security today!

Co-Authors
Version history
Last update:
‎May 20 2024 11:27 PM
Updated by: