Microsoft Security Copilot Blog

Unifying security tools with Copilot for Security's partner ecosystem

shivpatel-ms
Microsoft
May 06, 2024

Introduction

We are excited to announce 15 new partner plugins, released in Public Preview for customers of Copilot for Security. These plugins let you bring the capabilities of leading security vendors across the industry into Copilot for Security, from threat intelligence to incident response, data protection, and more. They were co-developed by Microsoft and third-party independent software vendors (ISVs) to meet you where you are, no matter which security tools you use.


These capabilities will empower you with third-party intelligence to protect against cyberthreats with the speed and scale of AI. You can easily integrate these plugins with Copilot for Security and leverage advanced analytics, automation, and orchestration features to enhance your security posture and efficiency.


New Capabilities

The new plugins (in Public Preview) cover a wide range of security domains and use cases, and they are designed to work seamlessly with Copilot for Security. Here are some highlights of the new capabilities and what they can unlock for you and your organization. The example prompts below can also be used in custom promptbooks (learn more here) to build repeatable workflows that you and your organization can re-use.

CIRCL.lu (MISP Project)

Query file hashes against the Computer Incident Response Center Luxembourg (CIRCL) database of known files. This can help you identify malicious or suspicious files and take appropriate action.


Example Prompt: lookup this SHA-256 hash <file-hash> using CIRCL


CrowdSec

Enhance your network security with CrowdSec Threat Intelligence: gain detailed insights into IP reputations, advanced classifications, historical activity, and behavior patterns of potential threats to stay one step ahead of attackers.


Example Prompt: Ask CrowdSec about this IP


CyberArk

Get insights on privileged accounts and a quick remediation framework for customers using CyberArk Privilege Cloud (PAM SaaS).


Example Prompt: “According to CyberArk, get me all privileged accounts”

Example Prompt: “Get all account details about the account with the username <power_user>”


Darktrace

Leverage threat detection and remediation insights from Darktrace’s ActiveAI Security platform.


Example Prompt: “What were the top 5 high-scoring Darktrace alerts in the last week?”

Example Prompt: “What are the common themes among the Darktrace AI Analyst incidents with a score higher than 90 from the past month?”


Jamf

Gain easy access to inventory and security insights from your Jamf Pro-managed devices.


Example Prompt: “Ask Jamf for complete inventory details for mac serial number H2WFP7BPF6XX.”

Example Prompt: “What are all the user accounts on mac H2WFP7BPF6XX and what are their privilege levels?”


GreyNoise Community & Enterprise

Query the GreyNoise Community and Enterprise APIs for IP lookups, context, and other critical details from the GreyNoise noise datasets. This can help you filter out benign or irrelevant IP addresses and focus on the ones that pose a real threat.


Example Prompt: Tell me about IP address "118.25.6.39" using the GreyNoise database

Example Prompt: Check the RIOT information on IP 183.221.243.13


Red Canary

Leverage Red Canary’s managed detection and response (MDR) platform to protect endpoints, networks, cloud workloads, identities, and SaaS applications from emerging threats.

Example Prompt: “Can you show me the most recent events investigated by Red Canary?”

Example Prompt: “Can you give me more details on Red Canary Threat ID 72?”


ReversingLabs

Using the Spectra Intelligence platform from ReversingLabs, get insight into file reputation and analysis reports for quicker triage and response.


Example Prompt: According to ReversingLabs, get the MITRE ATT&CK techniques from the detailed file analysis of <filehash>

Shodan

Gain enhanced visibility into your organization's internet-facing assets using Shodan.


Example Prompt: “Check IP Address 1.1.1.1 using Shodan”

Example Prompt: “What does Shodan know about the host count for port:22?”


URLScan

Scan and analyze a URL using urlscan.io. This can help you detect phishing sites, brand impersonation, or other malicious websites and prevent them from compromising your users or systems.


Example Prompt: Use URLScan to scan www.exampledomain.com


Recently Announced Capabilities

Cyware Respond

Streamline incident and threat response using Cyware Respond’s threat response automation platform.


Example Prompt: “Search for incidents related to 'ransomware' in Cyware Respond.”


Netskope

Gather intelligence on events and alerts across your Netskope infrastructure. This can help you monitor and protect your cloud applications and data from threats and risks.


Example Prompt: “show me all Netskope malware alerts”


SGNL

Maintain a posture of zero standing privilege with cross-ecosystem visibility and insights. Gain insight into fine-grained access decisions and trends across your SGNL assets.


Example Prompt: “Summarize the logs from SGNL for today”


Tanium

Give analysts of all skill levels the tools to make informed decisions and confidently take decisive action using Tanium’s real-time endpoint data.


Example Prompt: “Using Tanium, return the endpoints vulnerable to <cve-id>”

Valence Security

Find and fix SaaS risks with SaaS security posture management and threat detection. Protect business-critical data with insights into SaaS permissions, activities, SaaS-to-SaaS integrations, and misconfiguration risks.


Example Prompt: “Which high-privileged actions did <userEmail> take over the past day?”


Getting Started

You can find these plugins in the "Sources" section of Copilot for Security and install them with a few clicks. Once enabled and configured, you can use them to query, analyze, and act on the data from your third-party sources, and integrate them within your security workflows and reporting.


Figure 1: Sources in Copilot for Security

We hope you are as excited as we are about these new plugins and how they can enhance your security posture and response. We encourage you to try them out and share your feedback with us on what sorts of capabilities can help you combat emerging cyberthreats using the power of Generative AI.


Figure 2: Managing sources in Copilot for Security


Don't see your favorite security tool here?

Our partner ecosystem is growing rapidly! Stay tuned for more updates and announcements about new security partners.


Security platform providers, you can visit https://aka.ms/CopilotforSecurityPartners to see how you can supercharge your customers’ workflows using Copilot for Security. If you're interested in contributing or learning about Copilot for Security, visit our recently launched community GitHub!


Learn more about building, managing, and using these plugins for your organization.

Updated May 06, 2024
Version 1.0