You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/sentinel/sentinel-security-copilot.md
+12-17Lines changed: 12 additions & 17 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -88,29 +88,24 @@ If you have access to multiple Microsoft Sentinel workspaces, increase your prom
88
88
89
89
Example prompt:
90
90
91
-
`*What are the top 5 high priority Sentinel incidents in workspace "soc-sentinel-workspace"?*`
91
+
`What are the top 5 high priority Sentinel incidents in workspace "soc-sentinel-workspace"?`
92
92
93
-
### Sample prompts
93
+
### Improve your Microsoft Sentinel prompts
94
94
95
95
Consider the **Microsoft Sentinel incident investigation** promptbook as a starting point for creating effective prompts. This promptbook delivers a report about a specific incident, along with related alerts, reputation scores, users, and devices.
96
96
97
-
For more information, see [Using promptbooks](/copilot/security/using-promptbooks).
97
+
| Prompt guidance | prompt |
98
+
|---|---|
99
+
|Nudge Copilot to provide human readable information instead of responding with object IDs. |`Show me Sentinel incidents that were closed as a false positive. Supply the Incident number, Incident Title, and the time they were created.`|
100
+
| Copilot knows who you are. Use the "me" pronoun to find incidents related to you. The following prompt targets incidents assigned to you. |`What Sentinel incidents created in the last 24 hours are assigned to me? List them with highest priority incidents at the top.`|
101
+
| When you narrow a prompt response down to a single incident, Copilot knows the context.|`Tell me about the entities associated with that incident.`|
102
+
| Copilot is good at summarizing. A useful way to summarize the prompts and responses so far for a specific audience. |`Write an executive report summarizing this investigation. It should be suited for a nontechnical audience.`|
98
103
99
-
For general guidance on writing effective prompts, see [Prompting in Microsoft Copilot for Security](/security-copilot/prompting-security-copilot). Here are some examples that incorporate that guidance:
104
+
For more prompt guidance and samples, see the following resources:
100
105
101
-
The second part of the following prompt nudges Copilot to provide human readable information instead of responding with object IDs.<br>
102
-
`Show me Sentinel incidents that were closed as a false positive. Supply the Incident number, Incident Title, and the time they were created.`
103
-
104
-
Copilot knows who you are.<br>
105
-
`What Sentinel incidents created in the last 24 hours are assigned to me? List them with highest priority incidents at the top.`
106
-
107
-
When you narrow a prompt response down to a single incident, Copilot knows the context.<br>
108
-
`Tell me about the entities associated with that incident.`
109
-
110
-
A useful way to summarize the prompts and responses so far.<br>
111
-
`Write an executive report summarizing this investigation. It should be suited for a nontechnical audience.`
112
-
113
-
For more information on sample prompts, see [Rod Trent's Copilot for Security GitHub](https://github.com/rod-trent/Copilot-for-Security/blob/main/Prompts/Plugins/Sentinel.md).
0 commit comments