You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Microsoft Defender XDR applies the capabilities of [Security Copilot](/security-copilot/microsoft-security-copilot) to summarize incidents, delivering impactful information and insights to simplify investigation tasks. Attack investigation is a crucial step for incident response teams to successfully defend an organization against further damage from a cyber threat. Investigations can often be time-consuming as it involves numerous steps. Incident response teams need to understand how the attack happened: sort through numerous alerts, identify which assets and entities are involved, and assess the scope and impact of an attack.
31
+
Microsoft Defender XDR applies the capabilities of [Security Copilot](/security-copilot/microsoft-security-copilot) to summarize incidents, delivering impactful information and insights to simplify investigation tasks. Attack investigation is a crucial step for incident response teams to successfully defend an organization against further damage from a cyber threat. Investigations can often be time-consuming as they involve numerous steps. Incident response teams need to understand how the attack happened: sort through numerous alerts, identify which assets and entities are involved, and assess the scope and impact of an attack.
32
32
33
33
This guide outlines what to expect and how to access the summarizing capability of Copilot in Defender, including information on providing feedback.
34
34
@@ -58,24 +58,24 @@ Incidents containing up to 100 alerts can be summarized into one incident summar
58
58
- The entity or asset where the attack started.
59
59
- A summary of timelines of how the attack unfolded.
60
60
- The assets involved in the attack.
61
-
- Suggested prompts, which provide insights into the specific assets involved in the incident.
62
61
- Indicators of compromise (IoCs).
63
62
- Names of [threat actors](/unified-secops-platform/microsoft-threat-actor-naming) involved.
63
+
- Suggested Security Copilot prompts, which guide you to focus on the most relevant next steps, gain deeper insights, and simplify investigations.
64
64
65
-
To summarize an incident, perform the following steps:
65
+
To summarize an incident:
66
66
67
67
1. Open an incident page. Copilot automatically creates an incident summary upon opening the page. You can stop the summary creation by selecting **Cancel** or restart creation by selecting **Regenerate**.
68
68
69
-
1. The incident summary card loads on the Copilot pane. Review the generated summary on the card.
69
+
1. The incident summary card loads on the Copilot pane. Review the generated summary on the card. Review the summary and use the information to guide your investigation and response to the incident.
70
70
71
71
:::image type="content" source="/defender/media/copilot-in-defender/incident-summary/copilot-defender-incident-summary.png" alt-text="Screenshot that shows the incident summary card on the Copilot pane as seen in the Microsoft Defender incident page." lightbox="/defender/media/copilot-in-defender/incident-summary/copilot-defender-incident-summary.png":::
72
72
73
73
> [!TIP]
74
74
> You can navigate to a file, IP, or URL page from the Copilot results pane by clicking on the evidence in the results.
75
75
76
-
1.Review the summary and use the information to guide your investigation and response to the incident.
76
+
1.Select **See prompts** to view suggested prompts. Suggested prompts surface relevant follow-up questions based on the most crucial information in the given incident.
77
77
78
-
1.Select **See prompts** to get more insights about the specific assets involved in the incident, such as device summaries, identity summaries, and related threat intelligence.
78
+
Select a suggested prompt to get more insights about the specific assets involved in the incident, such as device summaries, identity summaries, and related threat intelligence.
79
79
80
80
:::image type="content" source="/defender/media/copilot-in-defender/incident-summary/copilot-defender-incident-summary-see-prompts.png" lightbox="/defender/media/copilot-in-defender/incident-summary/copilot-defender-incident-summary-see-prompts-large.png" alt-text="Screenshot that shows the Copilot suggested prompts on the incident summary card.":::
![m365-skilling-repo-management[bot]](https://avatars.githubusercontent.com/in/1161012?v=4&size=40){kind=avatar}
0 commit comments