|
| 1 | +--- |
| 2 | +# required metadata |
| 3 | + |
| 4 | +title: Security Copilot (preview) and Defender EASM |
| 5 | +description: You can use Security Copilot to get information about your EASM data. |
| 6 | +author: dandennis |
| 7 | +ms.author: dandennis |
| 8 | +ms.date: 10/25/2023 |
| 9 | +ms.topic: conceptual |
| 10 | +ms.service: defender-easm |
| 11 | +ms.localizationpriority: high |
| 12 | + |
| 13 | +--- |
| 14 | + |
| 15 | +# Microsoft Security Copilot (preview) and Defender EASM |
| 16 | + |
| 17 | +> [!IMPORTANT] |
| 18 | +> The information in this article applies to the Microsoft Security Copilot Early Access Program, which is an invite-only paid preview program. Some information in this article relates to prereleased product, which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided in this article. |
| 19 | +
|
| 20 | + |
| 21 | +Security Copilot is a cloud-based AI platform that provides a natural language copilot experience. It can help support security professionals in different scenarios, like incident response, threat hunting, and intelligence gathering. For more information about what it can do, go to [What is Microsoft Security Copilot?](/security-copilot/microsoft-security-copilot). |
| 22 | + |
| 23 | +**Security Copilot integrates with Defender EASM**. |
| 24 | + |
| 25 | +Security Copilot can surface insights from Defender EASM about an organization's attack surface. You can use the system features built into Security Copilot, and use prompts to get more information. This information can help you understand your security posture and mitigate vulnerabilities. |
| 26 | + |
| 27 | +This article introduces you to Security Copilot and includes sample prompts that can help Defender EASM users. |
| 28 | + |
| 29 | + |
| 30 | + |
| 31 | +## Know before you begin |
| 32 | + |
| 33 | +- Ensure that you reference the company name in your first prompt. Unless otherwise specified, all future prompts will provide data about the initially specified company. |
| 34 | + |
| 35 | +- Be clear and specific with your prompts. You might get better results if you include specific asset names or metadata values (e.g. CVE IDs) in your prompts. |
| 36 | + |
| 37 | + It might also help to add **Defender EASM** to your prompt, like: |
| 38 | + |
| 39 | + - **According to Defender EASM, what are my expired domains?** |
| 40 | + - **Tell me about Defender EASM high priority attack surface insights.** |
| 41 | + |
| 42 | +- Experiment with different prompts and variations to see what works best for your use case. Chat AI models vary, so iterate and refine your prompts based on the results you receive. |
| 43 | + |
| 44 | +- Security Copilot saves your prompt sessions. To see the previous sessions, in Security Copilot, go to the menu > **My investigations**: |
| 45 | + |
| 46 | +  |
| 47 | + |
| 48 | + |
| 49 | + For a walkthrough on Security Copilot, including the pin and share feature, go to [Navigating Microsoft Security Copilot](/security-copilot/navigating-security-copilot). |
| 50 | + |
| 51 | +For more information on writing Security Copilot prompts, go to [Microsoft Security Copilot prompting tips](/security-copilot/prompting-tips). |
| 52 | + |
| 53 | + |
| 54 | + |
| 55 | +## Open Security Copilot |
| 56 | + |
| 57 | +1. Go to [Microsoft Security Copilot](https://go.microsoft.com/fwlink/?linkid=2247989) and sign in with your credentials. |
| 58 | +2. By default, Defender EASM should be enabled. To confirm, select **plugins** (bottom left corner): |
| 59 | + |
| 60 | +  |
| 61 | + |
| 62 | + |
| 63 | + In **My plugins**, confirm Defender EASM is on. Close **Plugins**. |
| 64 | + |
| 65 | + > [!NOTE] |
| 66 | + > Some roles can enable or disable plugins, like Defender EASM. For more information, go to [Manage plugins in Microsoft Security Copilot](/security-copilot/manage-plugins). |
| 67 | +
|
| 68 | +3. Enter your prompt. |
| 69 | + |
| 70 | + |
| 71 | + |
| 72 | +## Built-in system features |
| 73 | + |
| 74 | +In Security Copilot, there are built in system features. These features can get data from the different plugins that are enabled. |
| 75 | + |
| 76 | +To view the list of built-in system capabilities for Defender EASM, use the following steps: |
| 77 | + |
| 78 | +1. In the prompt, enter **/**. |
| 79 | +2. Select **See all system capabilities**. |
| 80 | +3. In the Defender EASM section, you can: |
| 81 | + |
| 82 | + - Get attack surface summary. |
| 83 | + - Get attack surface insights. |
| 84 | + - Get assets affected by CVEs by priority or CVE ID. |
| 85 | + - Get assets by CVSS score. |
| 86 | + - Get expired domains. |
| 87 | + - Get expired SSL certificates. |
| 88 | + - Get SHA1 certificates. |
| 89 | + |
| 90 | + |
| 91 | + |
| 92 | +## Sample prompts for Defender EASM? |
| 93 | + |
| 94 | +There are many prompts you can use to get information about your Defender EASM data. This section lists some ideas and examples. |
| 95 | + |
| 96 | +### General information about your attack surface |
| 97 | + |
| 98 | +Get **general information** about your Defender EASM data, like an attack surface summary or insights about your inventory. |
| 99 | + |
| 100 | +**Sample prompts**: |
| 101 | + |
| 102 | +- Get the external attack surface for my organization. |
| 103 | +- What are the high priority attack surface insights for my organization? |
| 104 | + |
| 105 | + |
| 106 | + |
| 107 | +### CVE vulnerability data |
| 108 | + |
| 109 | +Get details on **CVEs that are applicable to your inventory**. |
| 110 | + |
| 111 | +**Sample prompts**: |
| 112 | + |
| 113 | +- Is my external attack surface impacted by CVE-2023-21709? |
| 114 | +- Get assets affected by high priority CVSS's in my attack surface. |
| 115 | +- How many assets have critical CVSS's for my organization? |
| 116 | + |
| 117 | + |
| 118 | + |
| 119 | +### Domain and SSL certificate posture |
| 120 | + |
| 121 | +Get information about **domain and SSL certificate posture**, like expired domains and usage of SHA1 certificates. |
| 122 | + |
| 123 | +**Sample prompts**: |
| 124 | + |
| 125 | +- How many domains are expired in my organization's attack surface? |
| 126 | +- How many SSL certificates are expired for my organization? |
| 127 | +- How many assets are using SSL SHA1 for my organization? |
| 128 | +- Get list of expired SSL certificates. |
| 129 | + |
| 130 | + |
| 131 | + |
| 132 | +## Provide feedback |
| 133 | + |
| 134 | +Your feedback on the Defender EASM integration with Security Copilot helps with development. To provide feedback, in Security Copilot, use the feedback buttons at the bottom of each completed prompt. Your options are "Looks Right," "Needs Improvement" and "Inappropriate." |
| 135 | + |
| 136 | + |
| 137 | +Your options: |
| 138 | + |
| 139 | +- **Confirm**: The results match expectations. |
| 140 | +- **Off-target**: The results don't match expectations. |
| 141 | +- **Report**: The results are harmful in some way. |
| 142 | + |
| 143 | +Whenever possible, and when the result is **Off-target**, write a few words explaining what can be done to improve the outcome. If you entered Defender EASM-specific prompts and the results aren't EASM related, then include that information. |
| 144 | + |
| 145 | + |
| 146 | + |
| 147 | +## Data processing and privacy |
| 148 | + |
| 149 | +When you interact with the Security Copilot to get Defender EASM data, Security Copilot pulls that data from Defender EASM. The prompts, the data that's retrieved, and the output shown in the prompt results is processed and stored within the Security Copilot service. |
| 150 | + |
| 151 | +For more information about data privacy in Security Copilot, go to [Privacy and data security in Microsoft Security Copilot](/security-copilot/privacy-data-security). |
| 152 | + |
| 153 | + |
| 154 | + |
| 155 | +## Related articles |
| 156 | + |
| 157 | +- [What is Microsoft Security Copilot?](/security-copilot/microsoft-security-copilot) |
| 158 | +- [Privacy and data security in Microsoft Security Copilot](/security-copilot/privacy-data-security) |
0 commit comments