You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/sentinel/sentinel-security-copilot.md
+14-7Lines changed: 14 additions & 7 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -55,22 +55,29 @@ Increase your prompt accuracy by configuring a Microsoft Sentinel workspace as t
55
55
56
56
:::image type="content" source="media/sentinel-security-copilot/configure-default-sentinel-workspace.png" alt-text="Screenshot of the plugin personalization options for the Microsoft Sentinel plugin.":::
57
57
58
-
When you create prompts designed to access the other workspaces, specify the workspace name in your prompt.
58
+
> [!TIP]
59
+
> Specify the workspace in your prompt when it doesn't match the configured default.
60
+
>
61
+
> Example: `What are the top 5 high priority Sentinel incidents in workspace "soc-sentinel-workspace"?`
59
62
60
-
Example prompt:
63
+
### Integrate Microsoft Sentinel with Copilot in Defender
61
64
62
-
`What are the top 5 high priority Sentinelincidents in workspace "soc-sentinel-workspace"?`
65
+
Use the unified security operations platform with your Microsoft Sentinel data for an embedded Copilot for Security experience. Microsoft Sentinel's unified incidents in the Defender portal allow Copilot in Defender to use its capabilities with Microsoft Sentinel data.
63
66
64
-
### Integrate Microsoft Sentinel with Copilot in Defender
67
+
For example:
65
68
66
-
Use the unified security operations platform with your Microsoft Sentinel data for an embedded Copilot for Security experience. Microsoft Sentinel's new and improved capabilities in the Defender portal allows Copilot in Defender to serve up many of its capabilities with Microsoft Sentinel data.
69
+
- The [SAP (Preview) solution]() is installed in your workspace for Microsoft Sentinel.
70
+
- The near real-time rule [**SAP - (Preview) File Downloaded From a Malicious IP Address**](sentinel/sap/sap-solution-security-content.md#data-exfiltration) triggers an alert, creating a Microsoft Sentinel incident.
71
+
-[Microsoft Sentinel was added to the unified security operations platform](/defender-xdr/microsoft-sentinel-onboard).
72
+
- Microsoft Sentinel incidents are now unified with Defender XDR incidents.
73
+
- Use Copilot in Microsoft Defender for incident summary, guided responses and incident reports.
67
74
68
-
Example:
75
+
:::image type="content" source="media/sentinel-security-copilot/sentinel-incident-copilot-in-defender-example.png" lightbox="media/sentinel-security-copilot/sentinel-incident-copilot-in-defender-example.png" alt-text="Screenshot of Microsoft Sentinel incident from Defender portal with Copilot embedded experience.":::
69
76
70
77
For more information, see the following resources:
71
78
72
79
-[Microsoft Sentinel in the Microsoft Defender portal](microsoft-sentinel-defender-portal.md#new-and-improved-capabilities).
73
-
-[Copilot in Microsoft Defender XDR](/defender-xdr/security-copilot-in-microsoft-365-defender)
80
+
-[Copilot in Microsoft Defender](/defender-xdr/security-copilot-in-microsoft-365-defender)
74
81
75
82
### Integrate Microsoft Sentinel with Copilot for Security in advanced hunting
0 commit comments