What’s New? – Security Copilot Azure Logic App Connector
Published May 22 2024 09:00 AM
Microsoft

As we pioneer the use of generative AI in security, we are continuing to learn from our Microsoft Copilot for Security customers. Feedback from our initial preview phase highlighted a strong demand for automation. Recognizing this, we've developed the Copilot for Security Azure Logic App connector to seamlessly integrate with your security workflows. This enhancement allows for the creation of custom prompts within Copilot, enabling dynamic input and output processing that boosts both efficiency and customization.

For example, if a user reports a phishing email, you might use a standard operating procedure to triage the email. This might involve extracting the indicators, assessing the domain reputation, etc. Copilot for Security can perform this analysis for you and send the results to someone for review.

 

This blog post delves into the Copilot for Security Logic App connector. We'll explore how it facilitates the integration of Copilot's AI capabilities into existing workflows, revolutionizing automated security processes.

 

Figure 1: Security Copilot prompting

 

What Is an Azure Logic App?

In this blog post, I'll be diving into the world of Azure Logic Apps, a versatile cloud service that revolutionizes the way users create and automate workflows. This powerful tool is expertly crafted to integrate applications, data, systems, and services across various enterprises or organizations.

 

Key Use Cases for Logic Apps Include:

  • Remediation: Streamlining the process of identifying and correcting issues within systems.
  • Enrichments: Enhancing data quality and utility by adding necessary details or context.
  • Business workflows: Automating and optimizing routine business processes for efficiency and effectiveness.
  • Logs transfer: Facilitating the seamless movement of log data between systems.
  • Integration with Azure functions: Empowering Logic Apps to call upon Azure functions for specialized tasks.

 

Copilot for Security Logic App Connector

We're excited to share some of the new and dynamic ways our connector is set to expand Copilot for Security capabilities:

  1. Extending promptbook logic: Copilot currently offers curated promptbooks that help users automate common actions associated with investigating an incident, responding to a vulnerability, analyzing a script and building a threat profile. Customers will soon be able to customize their own workflows. This Logic App connector offers an early preview of that functionality. Build workflows in the product and automate them using Logic Apps.
  2. Seamless integration with existing systems: Customers can now integrate Copilot prompts and the power of Generative AI directly into their existing workflows. This means smoother processes, whether it's integrating data from a ticketing system, analyzing CVEs from vulnerability management systems, or synchronizing with your own SOAR system.
  3. Expanding capabilities with Azure: The connector also opens the door to the extensive Azure Logic Apps ecosystem. Customers can now combine Copilot’s robust features with over 200 security connectors available in Azure, significantly enhancing their security infrastructure and capabilities.

For samples and automation examples, check our new GitHub.

 

***Note: When utilizing Logic Apps with Copilot for Security, please be aware that it may increase your consumption of Secure Compute Units (SCUs). We recommend closely monitoring SCU usage to optimize resource management.

 

Prerequisites for using our new Logic App connector:

To make the most of this new Logic App connector, there are a few prerequisites to be aware of:

  1. Tenant deployment requirements: Your Logic App must be deployed within a tenant that is onboarded into Copilot for Security.
  2. User authentication and role access: Users looking to authenticate with the Logic App connector must hold specific access roles. For a deeper understanding of these roles and how they function within the framework of Copilot, we recommend the Microsoft Learn article "Understand authentication in Microsoft Copilot for Security".
  3. Data access for enhanced security interaction: It's important that the authenticated user can access data from various remote security products. This encompasses tasks like reading Defender incident reports and gathering multi-factor authentication (MFA) details, among others.

 

Getting started with Copilot for Security Logic App connector.

  • After setting up the Azure Logic App and configuring the initial trigger step, proceed to search for the new Security Copilot action.

Figure 2: Adding an action in Security Copilot

  • After choosing the new Copilot action, proceed to fill in the following information:

 

Figure 3: Prompt content to fill parameter

 

  • Prompt Content (required): Here, you can enter the prompt that needs to be evaluated.
  • Session Id (optional): This field is for the session context, helping to maintain continuity in your tasks.
  • Skill Inputs (optional): An optional field where you can input a JSON body. This is particularly useful for specifying values for required plugin parameters, or 'skills'.
  • Skill Name (optional): This option allows you to call a specific skill directly. It's a convenient way to bypass the standard Copilot planner if you're targeting a particular function.
  • Skillsets (optional): Similar to the 'Skill Name' option, this lets you directly call a skillset, providing a shortcut past the Copilot planner for more direct task execution.

These new parameters and inputs are designed to give you more flexibility and precision in how you use Copilot, enhancing your overall experience. Stay tuned for more updates and tips on how to optimize your use of these features.


**Important Reminder for Sequential Workflow Creation:
When designing a workflow that involves multiple prompts, it's crucial to include the session ID parameter in each step. This practice ensures continuity by maintaining the same session, thereby preserving context throughout the workflow sequence.

 

Figure 4: Including the SessionID parameter
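
The session ID reminder above can be checked mechanically before a workflow ships. This added example (not from the original post or Microsoft's samples) walks a Logic App definition in `runAfter` order and reports Security Copilot steps that do not take their session ID from an earlier Copilot step. The connection key `securitycopilot`, the body fields `PromptContent` and `SessionId`, and the `sessionId` output property are assumed names.

```python
# Added example: lint a Logic App definition for Copilot steps that drop the session.
# Assumed names (not from the post): connection key, body fields, output property.
CONNECTION_KEY = "securitycopilot"
SESSION_FIELD = "SessionId"

def copilot_step(prompt, after=(), session=None):
    """Build a constructed Copilot action in Logic Apps code-view shape."""
    body = {"PromptContent": prompt}
    if session:
        body[SESSION_FIELD] = session
    conn = "@parameters('$connections')['securitycopilot']['connectionId']"
    return {"type": "ApiConnection",
            "runAfter": {a: ["Succeeded"] for a in after},
            "inputs": {"host": {"connection": {"name": conn}}, "body": body}}

WORKFLOW = {"actions": {  # constructed sample: the third prompt loses its context
    "Triage_email": copilot_step("Extract the indicators from the reported email."),
    "Check_domains": copilot_step("Assess the reputation of those domains.",
        after=["Triage_email"], session="@body('Triage_email')?['sessionId']"),
    "Summarize": copilot_step("Summarize the findings for a reviewer.",
        after=["Check_domains"]),
}}

def ordered(actions):
    """Return action names in execution order, following runAfter dependencies."""
    done, order = set(), []
    while len(order) < len(actions):
        ready = [n for n, a in actions.items()
                 if n not in done and set(a.get("runAfter", {})) <= done]
        if not ready:
            raise ValueError("runAfter cycle or unknown dependency")
        done.update(ready)
        order.extend(ready)
    return order

def missing_session(workflow):
    """Names of Copilot steps that do not reuse an earlier Copilot step's session."""
    actions, seen, findings = workflow["actions"], [], []
    for name in ordered(actions):
        inputs = actions[name].get("inputs", {})
        conn = inputs.get("host", {}).get("connection", {}).get("name", "")
        if CONNECTION_KEY not in conn:
            continue  # not a Security Copilot action
        session = str(inputs.get("body", {}).get(SESSION_FIELD, ""))
        if seen and not any(f"body('{p}')" in session for p in seen):
            findings.append(name)
        seen.append(name)
    return findings
```

Running `missing_session(WORKFLOW)` on the sample flags only `Summarize`, the step that would start a fresh session and lose the triage context.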

 

So, we've explored how the new Copilot for Security Azure Logic App connector revolutionizes the integration of AI-driven security solutions into current workflows. This tool not only provides greater customization and smoother system integration, but also gives access to a broader range of ready-made Azure Logic Apps security integrations. We encourage you to experience the efficiency of the Copilot for Security Azure Logic App connector in enhancing your security operations.

Last update: May 20 2024 09:31 AM