articles/sentinel/sentinel-security-copilot.md
Lines changed: 14 additions & 4 deletions
@@ -16,7 +16,7 @@ appliesto:
16
16
ms.date: 06/26/2024
17
17
---
18
18
19
-
# Access your Microsoft Sentinel data in Copilot for Security
19
+
# Investigate Microsoft Sentinel incidents in Copilot for Security
20
20
21
21
Microsoft Copilot for Security is a platform that helps you defend your organization at machine speed and scale. Microsoft Sentinel provides a plugin for Copilot to help analyze incidents and generate hunting queries.
22
22
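Review bot: The new H1 "Investigate Microsoft Sentinel incidents in Copilot for Security" is narrower than the intro sentence right below it, which says the plugin helps "analyze incidents and generate hunting queries"; either widen the title or confirm that hunting-query generation is meant to be secondary on this page. The front matter line `ms.date: 06/26/2024` is also left untouched in this hunk, so consider refreshing it along with the title change.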
@@ -26,6 +26,10 @@ Together with the iterative processing of other sophisticated Copilot for Securi
26
26
> The "Microsoft Sentinel" and "Natural Language to KQL for Microsoft Sentinel" plugins are currently in PREVIEW. The [Azure Preview Supplemental Terms](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) include additional legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
27
27
>
28
28
29
+
For more information on Copilot for Security, see the following articles:
30
+
-[Get started with Microsoft Copilot for Security](/security-copilot/get-started-security-copilot)
31
+
-[Understand authentication in Microsoft Copilot for Security](/security-copilot/authentication)
32
+
29
33
## Microsoft Copilot in Microsoft Sentinel (Preview)
30
34
31
35
Copilot for Security doesn't have an embedded experience in the Microsoft Sentinel Azure portal. However, because Microsoft Sentinel features are available in the Microsoft Defender portal as part of the unified security operations platform, [Copilot in Microsoft Defender XDR](/defender-xdr/security-copilot-in-microsoft-365-defender) provides some access to Microsoft Sentinel data with its integration experience.
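Review bot: The two added list items at new lines 30 and 31 read `-[Get started with ...` and `-[Understand authentication ...` with no space after the hyphen; if that matches the source file, they will not render as a bulleted list, so use `- [` for each. The new paragraph also starts immediately after the blank line that follows the `>` preview note, so check the rendered page to make sure it is not pulled into the blockquote.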
@@ -48,13 +52,16 @@ To view these capabilities in Copilot, select the **Prompts** :::image type="ico
48
52
### Enable the Microsoft Sentinel plugins in Copilot
49
53
50
54
1. Navigate to Copilot for Security at [https://securitycopilot.microsoft.com/](https://securitycopilot.microsoft.com/).
55
+
51
56
1. Open **Sources** :::image type="icon" source="media/sentinel-security-copilot/sources.png"::: in the prompt bar.
57
+
52
58
1. On the **Manage plugins** page, set the **Microsoft Sentinel (Preview)** toggle to **On**.
59
+
53
60
1. Optionally, set the **Natural language to KQL for Microsoft Sentinel (Preview)** toggle to **On**.
54
61
55
-
### Configure the Microsoft Sentinel source
62
+
### Configure a default Microsoft Sentinel workspace
56
63
57
-
Increase your prompt accuracy when you have access to multiple Microsoft Sentinel workspaces by configuring one of them as the default.
64
+
If you have access to multiple Microsoft Sentinel workspaces, increase your prompt accuracy by configuring one of them as the default.
58
65
59
66
1. On the **Manage plugins** page, select the gear icon on the Microsoft Sentinel (Preview) plugin.
60
67
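Review bot: Renaming the heading from "Configure the Microsoft Sentinel source" to "Configure a default Microsoft Sentinel workspace" changes the section's generated anchor, so any inbound links or bookmarks to the old anchor need to be checked and updated. Separately, the step at new line 60 spells the plugin "Natural language to KQL for Microsoft Sentinel (Preview)" while the preview note earlier in the file uses "Natural Language to KQL for Microsoft Sentinel"; pick one casing. The plugin name in the gear-icon step is also not bolded the way it is in the toggle steps.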
@@ -78,7 +85,7 @@ For more information, see [Using promptbooks](/copilot/security/using-promptbook
78
85
79
86
For general guidance on writing effective prompts, see [Prompting in Microsoft Copilot for Security](/security-copilot/prompting-security-copilot). Here are some examples that incorporate that guidance:
80
87
81
-
The second part of this prompt nudges Copilot to provide human readable information instead of responding with object IDs.<br>
88
+
The second part of the following prompt nudges Copilot to provide human readable information instead of responding with object IDs.<br>
82
89
`Show me Sentinel incidents that were closed as a false positive. Supply the Incident number, Incident Title, and the time they were created.`
83
90
84
91
Copilot knows who you are.<br>
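Review bot: Since the sentence at new line 88 is being reworded anyway, hyphenate the compound modifier: "human-readable information" rather than "human readable information". The change from "this prompt" to "the following prompt" is fine and makes the reference unambiguous given that the prompt sits on the next line.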
@@ -93,3 +100,6 @@ A useful way to summarize the prompts and responses so far.<br>
93
100
For more information on sample prompts, see [Rod Trent's Copilot for Security GitHub](https://github.com/rod-trent/Copilot-for-Security/blob/main/Prompts/Plugins/Sentinel.md).
94
101
95
102
### Related articles
103
+
104
+
-[Microsoft Copilot in Microsoft Defender](/defender-xdr/security-copilot-in-microsoft-365-defender)
105
+
-[Microsoft Defender XDR integration with Microsoft Sentinel](microsoft-365-defender-sentinel-integration.md)
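Review bot: The first related link labels `/defender-xdr/security-copilot-in-microsoft-365-defender` as "Microsoft Copilot in Microsoft Defender", while the body of the article links the same target as "Copilot in Microsoft Defender XDR"; use one name for the same destination. As in the earlier list, both items read `-[` with no space after the hyphen, and two blank lines (new lines 103 and 104) are added after the heading where one is enough.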