Microsoft Copilot for Security Tips & Tricks

Apr 7, 2024 | Security Copilot

Microsoft Copilot for Security is the member of the Copilot family that focuses on cyber security. Copilot for Security can be used for incident summarization, impact analysis, reverse engineering of files and guided response.

You will find Copilot for Security in two experiences: the embedded experience (its appearance in the Microsoft Defender products) and the standalone experience (a ChatGPT-like experience). In this blog post I will give some tips and tricks to get the best out of a standalone session.

Hi Copilot for Security, What tasks can you execute?

As a security assistant, I can help you with a variety of tasks related to cybersecurity. Here are some examples:

    1. Threat Intelligence: I can provide information about specific threats, such as malware, vulnerabilities, and threat actors. This includes details about their behavior, impact, and mitigation strategies.
    2. Incident Analysis: I can help analyze security incidents by examining logs, network traffic, and other evidence. I can help identify indicators of compromise (IOCs), determine the scope of the incident, and suggest potential remediation steps.
    3. Security Advisories: I can provide information about recent security advisories, patches, and updates. This can help you stay informed about the latest threats and ensure your systems are up-to-date.
    4. Security Best Practices: I can provide guidance on security best practices, such as secure configuration, patch management, and incident response procedures.
    5. Security Tools: I can provide information about various security tools and technologies, such as firewalls, intrusion detection systems (IDS), and security information and event management (SIEM) systems.

Tip 1: Use effective prompts

As with all chat-based copilots, the quality of your prompt is reflected in the outcome. Microsoft has a page about writing effective prompts for Microsoft Copilot for Security.

As stated on the Microsoft docs page, the following parts should exist in your prompt to get an effective response:

  • Goal – specific, security-related information that you need
  • Context – why you need this information or how you plan to use it
  • Expectations – format or target audience you want the response tailored to
  • Source – known information, data sources, or plugins Copilot for Security should use

Tip 2: Analyse (potentially) malicious code

Copilot for Security is able to check whether a piece of code is safe. In the following example I have asked Copilot if a line of code is safe. This code is part of the web shell attack that was executed during the HAFNIUM attack on Exchange Servers in 2021.

As you can see in the screenshot, Copilot is perfectly capable of explaining the code: it splits the code into multiple logical parts and explains them well. It also gives the advice not to run the code, as it can be malicious.

Scripts and code used by attackers are often obfuscated, which means that they are not easily readable. Copilot for Security can be a good assistant to help you out there!

In the embedded experience of Copilot for Security in Microsoft XDR, there is also a possibility to let Copilot analyze files. Read more about it here: https://learn.microsoft.com/en-us/microsoft-365/security/defender/security-copilot-m365d-script-analysis?view=o365-worldwide

Tip 3: It has access to threat intelligence

Copilot for Security has access to threat intelligence (provided by Defender for TI). This can be very helpful if you would like to learn more about a certain CVE, or want to check a file hash.

Tip 4: It can advise on security-related topics

Copilot for Security knows cyber security. It also knows the strengths and weaknesses of the components that we can use to defend our environment. You can ask Copilot for Security questions related to cyber security measures.

Conclusion

As I wrap up this blog post about Copilot for Security, I want to highlight how useful this assistant has been. It knows a lot about cybersecurity and can give really good advice on many topics. But it’s important to ask it the right questions. If the questions aren’t clear, it might use the wrong plugin or give answers that aren’t quite what we’re looking for.

With Copilot for Security you have a real cyber assistant at your fingertips. This is quite helpful and (when used right) can save you a lot of time. With just a simple prompt you get information on screen about the CVEs you are dealing with, or, when you ask, it tells you to implement a certain measure (with a well-defined reason).

In conclusion, Copilot for Security embodies the essence of a modern cybersecurity assistant: knowledgeable, adaptable, and crucially dependent on well-defined user prompts to guide its functionality. As we move forward in an era where digital security becomes increasingly paramount, tools like Copilot for Security not only offer peace of mind but also a strategic advantage in the ongoing battle against cyber threats. It’s more than just a nice assistant to have; it’s a critical component of any comprehensive cybersecurity strategy, capable of providing insights and solutions that are both timely and effective.

Getting started

I have created a video that gets you started with Copilot for Security. Watch it here!