You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/firewall/firewall-copilot.md
+10-12Lines changed: 10 additions & 12 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -24,7 +24,7 @@ Microsoft Copilot for Security is a generative AI-powered security solution that
24
24
25
25
Azure Firewall is a cloud-native and intelligent network firewall security service that provides best of breed threat protection for your cloud workloads running in Azure. It's a fully stateful firewall as a service with built-in high availability and unrestricted cloud scalability.
26
26
27
-
The Azure Firewall integration helps analysts perform detailed investigations of the malicious traffic intercepted by the IDPS and/or threat intelligence features of their firewalls across their entire fleet using natural language questions in the Copilot for Security standalone experience.
27
+
The Azure Firewall integration helps analysts perform detailed investigations of the malicious traffic intercepted by the IDPS feature of their firewalls across their entire fleet using natural language questions in the Copilot for Security standalone experience.
28
28
29
29
This article introduces you to Copilot and includes sample prompts that can help Azure Firewall users.
30
30
@@ -51,17 +51,17 @@ For more information about writing effective Copilot for Security prompts, see [
51
51
-[Azure Structured Firewall Logs](firewall-structured-logs.md#resource-specific-mode) – the Azure Firewalls to be used with Copilot for Security must be configured with resource specific structured logs for IDPS and these logs must be sent to a Log Analytics workspace.
52
52
-[Role Based Access Control for Azure Firewall](https://techcommunity.microsoft.com/t5/azure-network-security-blog/role-based-access-control-for-azure-firewall/ba-p/2245598) – the users using the Azure Firewall plugin in Copilot for Security must have the appropriate Azure RBAC roles to access the Firewall and associated Log Analytics workspace(s).
53
53
2. Go to [Microsoft Copilot for Security](https://go.microsoft.com/fwlink/?linkid=2247989) and sign in with your credentials.
54
-
3. Ensure that the Azure Firewall plugin is turned on. In the prompt bar, select the **Sources** icon.
54
+
1. In the prompt bar, select the **Sources** icon.
55
55
56
-
:::image type="content" source="media/firewall-copilot/copilot-prompts-bar-sources.png" alt-text="Screenshot of the prompt bar in Microsoft Copilot for Security with the Sources icon highlighted.":::
56
+
:::image type="content" source="media/firewall-copilot/copilot-prompts-bar-sources.png" alt-text="Screenshot of the prompt bar in Microsoft Copilot for Security with the Sources icon highlighted.":::
57
57
58
-
59
-
In the **Manage sources** pop-up window that appears, confirm that the **Azure Firewall** toggle is turned on, then close the window.
60
58
61
-
:::image type="content" source="media/firewall-copilot/azure-firewall-plugin.png" alt-text="Screenshot showing the Azure Firewall plugin.":::
59
+
In the **Manage sources** pop-up window that appears, confirm that the **Azure Firewall** toggle is turned on, then close the window. No additional configuration is necessary, as long as structured logs are being sent to a Log Analytics workspace and you have the right RBAC permissions, Copilot will find the data it needs to answer your questions.
60
+
61
+
:::image type="content" source="media/firewall-copilot/azure-firewall-plugin.png" alt-text="Screenshot showing the Azure Firewall plugin.":::
62
62
63
-
> [!NOTE]
64
-
> Some roles can turn the toggle on or off for plugins like Azure Firewall. For more information, see [Manage plugins in Microsoft Copilot for Security](/copilot/security/manage-plugins?tabs=securitycopilotplugin).
63
+
> [!NOTE]
64
+
> Some roles can turn the toggle on or off for plugins like Azure Firewall. For more information, see [Manage plugins in Microsoft Copilot for Security](/copilot/security/manage-plugins?tabs=securitycopilotplugin).
65
65
66
66
67
67
4. Enter your prompt in the prompt bar.
@@ -105,9 +105,7 @@ Get **additional details** to enrich the threat information/profile of an IDPS s
105
105
- I see that the third signature ID is associated with CVE _\<CVE number\>_, tell me more about this CVE.
106
106
107
107
> [!NOTE]
108
-
>The Microsoft Defender Threat Intelligence plugin is another source that Copilot for Security may use to provide threat intelligence for IDPS signatures.
109
-
110
-
108
+
> The Microsoft Threat Intelligence plugin is another source that Copilot for Security may use to provide threat intelligence for IDPS signatures.
111
109
### Look for a given IDPS signature across your tenant, subscription, or resource group
112
110
113
111
Perform a **fleet-wide search** (over any scope) for a threat across all your Firewalls instead of searching for the threat manually.
@@ -148,4 +146,4 @@ When you interact with Copilot for Security to get Azure Firewall data, Copilot
148
146
149
147
## Related content
150
148
151
-
-[What is Microsoft Copilot for Security?](/copilot/security/microsoft-security-copilot)
149
+
-[What is Microsoft Copilot for Security?](/copilot/security/microsoft-security-copilot)
![prmerger-automator[bot]](https://avatars.githubusercontent.com/u/22479449?v=4&size=40){kind=avatar}
0 commit comments