Microsoft Copilot for Security Defender XDR Plugin Overview

What is Defender XDR?

Microsoft Defender XDR is a unified pre- and post-breach enterprise defense suite that natively coordinates detection, prevention, investigation, and response across endpoints, identities, email, and applications to provide integrated protection against sophisticated attacks.

Defender XDR Plugin Key Features

Microsoft Defender XDR integrates the functionalities of Copilot for Security into its portal, empowering security teams to efficiently address attack investigations with accuracy and efficiency. The incorporation of AI into Microsoft Defender XDR facilitates instantaneous comprehension of attacks, swift assessment for applying suitable mitigation measures to halt and contain threats, expedited analysis of intricate files, and seamless threat hunting capabilities.

• Incident summarization
• Triage and investigate incidents with guided responses
• Script analysis
• Generate KQL queries
• Create incident reports
• File analysis
• Device summarization

Copilot Experiences

Standalone

Skills

• Defender XDR
  • Analyze a file
    • Inspect a file using available information, including API calls, certificates, and strings.
  • Generate an incident report
    • Get a report about an attack and your response, including who took action and when.
  • Generate guided response
    • Get step-by-step response recommendations for an incident.
  • List incidents and related alerts
    • Get the list of incidents or find specific incidents.
  • Summarize the security state of the device
    • Get device insights, security issues, and other important information.
• Natural Language to KQL for Microsoft Defender XDR
• Generate KQL queries for advanced threat hunting
  • Craft queries to find threats and weaknesses using Defender XDR and connected Microsoft Sentinel d…
• Microsoft Sentinel (Preview)
  • GetSentinelIncidents
    • Get a list of incidents from a Microsoft Sentinel workspace.
  • ListSentinelWorkspaces
    • Get a list of your Microsoft Sentinel workspaces.
• Natural Language to KQL for Microsoft Sentinel (Preview)
• Generate KQL queries for Microsoft Sentinel
  • Find threats and weaknesses across your environment with Microsoft Sentinel data.
• Incident Analysis
  •  
  • Provide an incident summary
    • Gets a summary of an incident given its GUID, number or URL
  • Provide entity summary of a given incident
    • Gets entities of an incident given its GUID ID number or URL

Promptbooks

• Microsoft 365 Defender incident investigation
  • Generate a report about a specific incident, with related alerts, reputation scores, users, and devices.
• Suspicious script analysis
  • Get a report analyzing the intent, intelligence, threat actors, and impacts of a suspicious script.

Embedded

• Access: Microsoft Defender XDR
• Use case: Investigate and respond to incidents like a pro
  • Summarize incidents quickly
  • Take action on incidents through guided responses
  • Run script analysis with ease
  • Generate device summaries
  • Analyze files promptly
  • Write incident reports efficiently
• Use case: Hunt like a pro
  • Generate KQL queries from natural-language input
• Use case: Protect your organization with relevant threat intelligence
  • Monitor threat intelligence

Additional Resources

• Defender XDR Embedded Copilot to standalone Copilot investigation
• Script Analyzer in Copilot for Security
• What’s new in Defender: How Copilot for Security can transform your SOC - Microsoft Community Hub
• Microsoft Defender XDR Ninja Training

Learn more about Copilot for Security

To learn more about Microsoft Copilot for Security, visit aka.ms/CopilotForSecurity or contact your Microsoft sales representative. If you missed us at Microsoft Secure, you may watch the replay video.