You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: defender-xdr/security-copilot-m365d-incident-summary.md
+31Lines changed: 31 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -83,6 +83,37 @@ To summarize an incident:
83
83
84
84
:::image type="content" source="/defender/media/copilot-in-defender/incident-summary/incident-summary-options.png" alt-text="Screenshot that shows the actions available on the incident summary card.":::
By default, Copilot generates a summary for each incident the user opens, but you can change this setting to display incident summaries only in specific instances. You can choose to have summaries generated:
89
+
90
+
- Always (for every incident opened)
91
+
- Based on the severity level of the incident
92
+
- On demand only
93
+
94
+
To change the settings for Copilot incident summaries in Microsoft Sentinel, follow these steps:
95
+
96
+
1. Go to **System** > **Settings** > **Copilot in Defender** in the Microsoft Sentinel navigation pane.
97
+
98
+
:::image type="content" source="media/security-copilot-m365d-incident-summary/copilot-settings.png" alt-text="Screenshot that shows the Copilot settings page in Microsoft Sentinel.":::
99
+
100
+
1. Under **Preferences**, select **Incident Summary generation**.
101
+
1. Select either **Auto-generate** or **Generate on demand**, depending on your preference.
102
+
1. If you select **Auto-generate**, choose between **Always** or **Incident severity**. If you select **Incident severity**, choose the *minimum* severity level for which you want Copilot to generate incident summaries automatically.
103
+
104
+
:::image type="content" source="media/security-copilot-m365d-incident-summary/copilot-settings-preferences.png" alt-text="Screenshot that shows the Copilot settings preferences page in Microsoft Sentinel.":::
105
+
106
+
1. Select **Save**.
107
+
108
+
- When you select **Incident severity**, an estimate of the number of incidents of each severity level reviewed per day is displayed, along with the estimated SCU consumption.
109
+
110
+
:::image type="content" source="./media/security-copilot-m365d-incident-summary/incident-severity.png" alt-text="Screenshot that shows the approximate number of incidents of each severity level.":::
111
+
112
+
- Copilot saves generated incident summaries for a week. If you select an incident whose summary is in the cache, and the incident hasn't changed significantly, the summary is automatically redisplayed at no cost regardless of the setting.
113
+
- To generate a summary on demand for an incident that's not automatically generated, select the **Generate** button.
114
+
115
+
:::image type="content" source="media/security-copilot-m365d-incident-summary/generate-summary.png" alt-text="Screenshot that shows the Generate summary button on the incident page.":::
116
+
86
117
## Sample incident summary prompt
87
118
88
119
In the Security Copilot standalone portal, you can use the following prompt to generate incident summaries:
0 commit comments