Updates from Joey Caparas

vhorne · vhorne · commit 7bde07c410b4 · 2024-10-30T10:45:10.000-07:00
diff --git a/articles/firewall/firewall-copilot.md b/articles/firewall/firewall-copilot.md
@@ -18,67 +18,61 @@ ms.collection: Tier1, ce-skilling-ai-copilot
 > See the [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
 
 
-Microsoft Copilot for Security is a generative AI-powered security solution that helps increase the efficiency and capabilities of security personnel to improve security outcomes at machine speed and scale. It provides a natural language, assistive copilot experience helping support security professionals in end-to-end scenarios such as incident response, threat hunting, intelligence gathering, and posture management. For more information about what it can do, see [What is Microsoft Copilot for Security?](/copilot/security/microsoft-security-copilot)
+Security Copilot is a generative AI-powered security solution that helps increase the efficiency and capabilities of security personnel to improve security outcomes at machine speed and scale. It provides a natural language, assistive copilot experience helping support security professionals in end-to-end scenarios such as incident response, threat hunting, intelligence gathering, and posture management. For more information about what it can do, see [What is Microsoft Copilot for Security?](/copilot/security/microsoft-security-copilot)
 
-## Copilot for Security integrates with Azure Firewall
-
-Azure Firewall is a cloud-native and intelligent network firewall security service that provides best of breed threat protection for your cloud workloads running in Azure. It's a fully stateful firewall as a service with built-in high availability and unrestricted cloud scalability.
-
-The Azure Firewall integration helps analysts perform detailed investigations of the malicious traffic intercepted by the IDPS feature of their firewalls across their entire fleet using natural language questions in the Copilot for Security standalone experience.
+## Know before you begin
 
-This article introduces you to Copilot and includes sample prompts that can help Azure Firewall users.
+If you're new to Security Copilot, you should familiarize yourself with it by reading these articles:
+- [What is Microsoft Copilot for Security?](/security-copilot/microsoft-security-copilot)
+- [Microsoft Copilot for Security experiences](/security-copilot/experiences-security-copilot)
+- [Get started with Microsoft Copilot for Security](/security-copilot/get-started-security-copilot)
+- [Understand authentication in Microsoft Copilot for Security](/security-copilot/authentication)
+- [Prompting in Microsoft Copilot for Security](/security-copilot/prompting-security-copilot)
 
-## Know before you begin
+## Security Copilot integration in Azure Firewall
 
-- You can use the Azure Firewall integration in Copilot for Security in the [Copilot for Security portal](https://securitycopilot.microsoft.com). For more information, see  [Microsoft Copilot for Security experiences](/copilot/security/experiences-security-copilot).
-- Be clear and specific with your prompts. You might get better results if you include specific time frames, resources, and threats in your prompts. It might also help if you add **Azure Firewall** to your prompt.
+Azure Firewall is a cloud-native and intelligent network firewall security service that provides best of breed threat protection for your cloud workloads running in Azure. It's a fully stateful firewall as a service with built-in high availability and unrestricted cloud scalability.
 
-- Use the example prompts in this article to help guide your interactions with Copilot.  
-- Experiment with different prompts and variations to see what works best for your use case. Chat AI models vary, so iterate and refine your prompts based on the results you receive.
-- Copilot for Security saves your prompt sessions. To see the previous sessions, from the Copilot [Home menu](/copilot/security/navigating-security-copilot#home-menu), go to **My sessions**.
+The Azure Firewall integration helps analysts perform detailed investigations of the malicious traffic intercepted by the IDPS and/or threat intelligence features of their firewalls across their entire fleet using natural language questions in the Security Copilot standalone experience.
 
-   :::image type="content" source="media/firewall-copilot/copilot-my-sessions.png" alt-text="Partial screenshot of the Microsoft Copilot for Security Home menu with My sessions highlighted.":::
-    
-   > [!NOTE]
-   > For a Copilot walkthrough, including the pin and share feature, see [Navigate Microsoft Copilot for Security](/copilot/security/navigating-security-copilot).
+This article introduces you to Copilot and includes sample prompts that can help Azure Firewall users.
 
- 
-For more information about writing effective Copilot for Security prompts, see [Create effective prompts](/copilot/security/prompting-tips).
+You can use the Azure Firewall integration in Security Copilot in the [Security Copilot portal](https://securitycopilot.microsoft.com). For more information, see  [Microsoft Copilot for Security experiences](/copilot/security/experiences-security-copilot).
 
-## Using the Azure Firewall integration in the Copilot for Security standalone portal
+## Key features
+Security Copilot has built-in system features that can get data from the different plugins that are turned on.
 
-1.  Ensure your Azure Firewall is configured correctly:
-    - [Azure Structured Firewall Logs](firewall-structured-logs.md#resource-specific-mode) – the Azure Firewalls to be used with Copilot for Security must be configured with resource specific structured logs for IDPS and these logs must be sent to a Log Analytics workspace.
-    - [Role Based Access Control for Azure Firewall](https://techcommunity.microsoft.com/t5/azure-network-security-blog/role-based-access-control-for-azure-firewall/ba-p/2245598) – the users using the Azure Firewall plugin in Copilot for Security must have the appropriate Azure RBAC roles to access the Firewall and associated Log Analytics workspace(s).
-2.	Go to [Microsoft Copilot for Security](https://go.microsoft.com/fwlink/?linkid=2247989) and sign in with your credentials.
-1. In the prompt bar, select the **Sources** icon.
+To view the list of built-in system capabilities for Azure Firewall, use the following procedure:
 
-  :::image type="content" source="media/firewall-copilot/copilot-prompts-bar-sources.png" alt-text="Screenshot of the prompt bar in Microsoft Copilot for Security with the Sources icon highlighted.":::
+1.	In the prompt bar, select the **Prompts** icon.
 
+    :::image type="content" source="media/firewall-copilot/copilot-prompts-bar-prompts.png" alt-text="Screenshot of the prompt bar in Microsoft Copilot for Security with the Prompts icon highlighted.":::
 
-   In the **Manage sources** pop-up window that appears, confirm that the **Azure Firewall** toggle is turned on, then close the window. No additional configuration is necessary, as long as structured logs are being sent to a Log Analytics workspace and you have the right RBAC permissions, Copilot will find the data it needs to answer your questions.
-   
-  :::image type="content" source="media/firewall-copilot/azure-firewall-plugin.png" alt-text="Screenshot showing the Azure Firewall plugin.":::    
+2.	Select **See all system capabilities**. The **Azure Firewall** section lists all the available capabilities that you can use.
 
-  > [!NOTE]
-  > Some roles can turn the toggle on or off for plugins like Azure Firewall. For more information, see [Manage plugins in Microsoft Copilot for Security](/copilot/security/manage-plugins?tabs=securitycopilotplugin).
 
+## Enable the Azure Firewall integration in Security Copilot
 
-4. Enter your prompt in the prompt bar.
+1.  Ensure your Azure Firewall is configured correctly:
+    - [Azure Structured Firewall Logs](firewall-structured-logs.md#resource-specific-mode) – the Azure Firewalls to be used with Security Copilot must be configured with resource specific structured logs for IDPS and these logs must be sent to a Log Analytics workspace.
+    - [Role Based Access Control for Azure Firewall](https://techcommunity.microsoft.com/t5/azure-network-security-blog/role-based-access-control-for-azure-firewall/ba-p/2245598) – the users using the Azure Firewall plugin in Security Copilot must have the appropriate Azure RBAC roles to access the Firewall and associated Log Analytics workspace(s).
+2.	Go to [Security Copilot](https://go.microsoft.com/fwlink/?linkid=2247989) and sign in with your credentials.
+3.	Ensure that the Azure Firewall plugin is turned on. In the prompt bar, select the **Sources** icon.
 
-## Built-in system features
+    :::image type="content" source="media/firewall-copilot/copilot-prompts-bar-sources.png" alt-text="Screenshot of the prompt bar in Security Copilot with the Sources icon highlighted.":::
 
-Copilot for Security has built-in system features that can get data from the different plugins that are turned on.
+  
+    In the **Manage sources** pop-up window that appears, confirm that the **Azure Firewall** toggle is turned on, then close the window.
 
-To view the list of built-in system capabilities for Azure Firewall, use the following procedure:
+    :::image type="content" source="media/firewall-copilot/azure-firewall-plugin.png" alt-text="Screenshot showing the Azure Firewall plugin.":::    
 
-1.	In the prompt bar, select the **Prompts** icon.
+    > [!NOTE]
+    > Some roles can turn the toggle on or off for plugins like Azure Firewall. For more information, see [Manage plugins in Microsoft Copilot for Security](/copilot/security/manage-plugins?tabs=securitycopilotplugin).
 
-    :::image type="content" source="media/firewall-copilot/copilot-prompts-bar-prompts.png" alt-text="Screenshot of the prompt bar in Microsoft Copilot for Security with the Prompts icon highlighted.":::
 
-2.	Select **See all system capabilities**. The **Azure Firewall** section lists all the available capabilities that you can use.
+4. Enter your prompt in the prompt bar.
 
-## Sample prompts for Azure Firewall
+## Sample Azure Firewall prompts
 
 There are many prompts you can use to get information from Azure Firewall. This section lists the ones that work best today. They're continuously updated as new capabilities are launched.
 
@@ -105,7 +99,9 @@ Get **additional details** to enrich the threat information/profile of an IDPS s
 - I see that the third signature ID is associated with CVE _\<CVE number\>_, tell me more about this CVE.
 
 > [!NOTE]
-> The Microsoft Threat Intelligence plugin is another source that Copilot for Security may use to provide threat intelligence for IDPS signatures.
+>The Microsoft Threat Intelligence plugin is another source that Security Copilot may use to provide threat intelligence for IDPS signatures.
+
+
 ### Look for a given IDPS signature across your tenant, subscription, or resource group
 
 Perform a **fleet-wide search** (over any scope) for a threat across all your Firewalls instead of searching for the threat manually.
@@ -128,7 +124,7 @@ Get **information from documentation** about using Azure Firewall's IDPS feature
 - What is the difference in risk between alert only and alert and block modes for IDPS?
 
 > [!NOTE]
->Copilot for Security may also use the *Ask Microsoft Documentation* capability to provide information on how to use Azure Firewall's IDPS feature to secure your environment.
+>Security Copilot may also use the *Ask Microsoft Documentation* capability to provide information on how to use Azure Firewall's IDPS feature to secure your environment.
 
 
 ## Provide feedback
@@ -140,10 +136,10 @@ Your feedback is vital to guide the current and planned development of the produ
 
 For each feedback option, you can provide more information in the next dialog box that appears. Whenever possible, and especially when the result is **Needs improvement**, write a few words explaining what can be done to improve the outcome. If you entered prompts specific to Azure Firewall and the results aren't related, then include that information.
 
-## Data processing and privacy
+## Privacy and data security in Security Copilot
 
-When you interact with Copilot for Security to get Azure Firewall data, Copilot pulls that data from Azure Firewall. The prompts, the data retrieved, and the output shown in the prompt results are processed and stored within the Copilot service. For more information, see [Privacy and data security in Microsoft Copilot for Security](/copilot/security/privacy-data-security).
+When you interact with Security Copilot to get Azure Firewall data, Copilot pulls that data from Azure Firewall. The prompts, the data retrieved, and the output shown in the prompt results are processed and stored within the Copilot service. For more information, see [Privacy and data security in Microsoft Copilot for Security](/copilot/security/privacy-data-security).
 
 ## Related content
 
-- [What is Microsoft Copilot for Security?](/copilot/security/microsoft-security-copilot)
+- [What is Microsoft Copilot for Security?](/copilot/security/microsoft-security-copilot)
diff --git a/articles/web-application-firewall/waf-copilot.md b/articles/web-application-firewall/waf-copilot.md
@@ -1,7 +1,7 @@
 ---
 title: Azure Web Application Firewall integration in Microsoft Copilot for Security (preview)
 description: Learn about using Microsoft Copilot for Security to investigate traffic flagged by Azure Web Application Firewall.
-keywords: security copilot, copilot for security, threat intelligence, intrusion detection and prevention system, plugin, integration, azure web application firewall, copilot, open ai, openai co-pilot
+keywords: copilot for security, copilot for security, threat intelligence, intrusion detection and prevention system, plugin, integration, azure web application firewall, copilot, open ai, openai co-pilot
 author: sowmyam2019
 ms.author: victorh
 ms.date: 05/20/2024
@@ -17,7 +17,7 @@ ms.collection: Tier1, ce-skilling-ai-copilot
 > Azure Web Application Firewall integration in Microsoft Copilot for Security is currently in PREVIEW.
 > See the [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
 
-Microsoft Copilot for Security is a cloud-based AI platform that provides natural language copilot experience. It can help support security professionals in different scenarios, like incident response, threat hunting, and intelligence gathering. For more information, see [What is Microsoft Copilot for Security?](/security-copilot/microsoft-security-copilot)
+Copilot for Security is a cloud-based AI platform that provides natural language copilot experience. It can help support security professionals in different scenarios, like incident response, threat hunting, and intelligence gathering. For more information, see [What is Microsoft Copilot for Security?](/security-copilot/microsoft-security-copilot)
 
 Azure Web Application Firewall (WAF) integration in Copilot for Security enables deep investigation of Azure WAF events. It can help you investigate WAF logs triggered by Azure WAF in a matter of minutes and provide related attack vectors using natural language responses at machine speed. It provides visibility into your environment’s threat landscape. It allows you to retrieve a list of most frequently triggered WAF rules  and identify the top offending IPaddresses in your environment. 
 
@@ -32,11 +32,11 @@ If you're new to Copilot for Security, you should familiarize yourself with it b
 - [Understand authentication in Microsoft Copilot for Security](/security-copilot/authentication)
 - [Prompting in Microsoft Copilot for Security](/security-copilot/prompting-security-copilot)
 
-## Azure WAF integration in Copilot for Security
+## Copilot for Security integration in Azure WAF 
 
 This integration supports the standalone experience and is accessed through [https://securitycopilot.microsoft.com](https://securitycopilot.microsoft.com). This is a chat-like experience that you can use to ask questions and get answers about your data. For more information, see [Microsoft Copilot for Security experiences](/security-copilot/experiences-security-copilot#standalone-and-embedded-experiences).
 
-### Features in the standalone experience
+## Key features 
 
 The preview standalone experience in Azure WAF can help you with:
 
@@ -55,20 +55,20 @@ The preview standalone experience in Azure WAF can help you with:
    This Azure WAF skill helps you understand why Azure WAF blocked Cross Site Scripting(XSS) attacks to web applications. It does this by analyzing Azure WAF logs and connecting related logs over a specific time period. The result is an easy-to-understand natural language explanation of why an XSS request was blocked.
 
 
-## Enable the Azure WAF integration in Microsoft Copilot for Security
+## Enable the Azure WAF integration in Copilot for Security
 
 To enable the integration, follow these steps:
 
 1.	Ensure that you have at least Copilot contributor permissions.
 2.	Open [https://securitycopilot.microsoft.com/](https://securitycopilot.microsoft.com).
-3.	Open the Microsoft Copilot for Security menu.
+3.	Open the Copilot for Security menu.
  4.	Open **Sources** in the prompt bar.  
 5.	On the Plugins page, set the Azure Web Application Firewall toggle to **On**.
 6.	Select the Settings on the Azure Web Application Firewall plugin to configure the Log Analytics workspace, Log Analytics subscription ID, and the Log Analytics resource group name for Azure Front Door WAF and/or the Azure Application Gateway WAF. You can also configure the Application Gateway WAF policy URI and/or Azure Front Door WAF policy URI.
 7.	To start using the skills, use the prompt bar.
-:::image type="content" source="media/waf-copilot/prompt-bar.png" alt-text="Screenshot showing the Security copilot prompt bar.":::
+:::image type="content" source="media/waf-copilot/prompt-bar.png" alt-text="Screenshot showing the Copilot for Security prompt bar.":::
 
-## Sample prompts
+## Sample Azure WAF prompts
 
 You can create your own prompts in Copilot for Security to perform analysis on the attacks based on WAF logs. This section shows some ideas and examples.
 
@@ -122,9 +122,9 @@ For each feedback item, you can provide more information in the next dialog box
 
 If you've migrated to Azure Log Analytics dedicated tables in the Application Gateway WAF V2 version, the Copilot for Security WAF Skills aren't functional. As a temporary workaround, enable Azure Diagnostics as the destination table in addition to the resource-specific table.
 
-## Privacy and data security in Microsoft Copilot for Security
+## Privacy and data security in Copilot for Security
 
-To understand how Microsoft Copilot for Security handles your prompts and the data that’s retrieved from the service(prompt output), see [Privacy and data security in Microsoft Copilot for Security](/security-copilot/privacy-data-security).
+To understand how Copilot for Security handles your prompts and the data that’s retrieved from the service(prompt output), see [Privacy and data security in Microsoft Copilot for Security](/security-copilot/privacy-data-security).
 
 ## Related content
 
@@ -135,4 +135,3 @@ To understand how Microsoft Copilot for Security handles your prompts and the da
 
 
 
-
