You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: learn-pr/wwl-sci/security-copilot-describe-agents/includes/3a-explore-threat-intelligence-briefing-agent.md
+34-36Lines changed: 34 additions & 36 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -8,7 +8,7 @@ In this exercise, you explore the Threat Intelligence Briefing Agent in Security
8
8
9
9
### Exercise
10
10
11
-
For this exercise, you're logged in as Avery Howard and you have an owner role in Security Copilot. You start by enabling and configuring the plugins necessary to use the Threat Intelligence Briefing agent and set up the agent parameters. Once configured, you'll run the agent. You also walk through editing the parameters used for a manual run of the agent.
11
+
For this exercise, you're logged in as Avery Howard and you have an owner role in Security Copilot. You start by enabling and configuring the plugins necessary to use the Threat Intelligence Briefing agent and set up the agent parameters. Once configured, you run the agent. You also walk through editing the parameters used for a manual run of the agent.
12
12
13
13
This exercise should take approximately **15** minutes to complete.
14
14
@@ -25,68 +25,66 @@ Before you start setting up the agent, let’s go to the plugins page and make s
25
25
1. Make sure the **Agents** plugin is enabled.
26
26
1. Make sure the **Microsoft Threat Intelligence** plugin is enabled.
27
27
1. Make sure the **Microsoft Threat Intelligence Agents** plugin is enabled
28
-
1. Now set up the optional **Microsoft Defender External Attack Surface Management** plugin. To do this, you'll need to copy the values from Microsoft Defender EASM overview page in the Azure portal. Select the link ########### the set up the plugin you can enable that more context to the output, let’s enable those:
1. Exit out of the Manage sources page, but keep the browser tab with Security Copilot open. You need it for the next task.
28
+
1. Make sure the optional **Microsoft Defender External Attack Surface Management** plugin is enabled and configured.
29
+
1. Exit out of the Manage sources page, but keep the browser tab with Security Copilot open. You need it for the next task.
33
30
34
-
### Task: Set up the agent
31
+
### Task: Set up and run the agent
35
32
36
33
In this task, you setup the Threat Intelligence Briefing Agent.
37
34
38
-
1. Select the **Menu icon** which is sometimes referred to as the hamburger icon and select **Agents**.
35
+
1. Select the **Menu icon** which is sometimes referred to as the hamburger icon and select **Agents**. If a pop-up displays, select **Dismiss**.
39
36
1. Look for the tile that says, **Threat Intelligence Briefing Agent**, then select **View details**.
40
37
1. Review the information on the agent’s page that provides a brief description of the agent, the Trigger, Permissions, Identity, Plugins, and Role-based access, then select **Set up**.
41
-
1. The Set up agent window provides information on the permissions needed to run the agent and the identity used with the agent. To Connect your user account (recall that you are logged in as Avery Howard) to the agent, select **Next** to open a new window where you can select the user account. Select **Avery Howard**.
42
-
1. Once you've connected your account to the agent, you complete the agent set up by specifying the parameters used to customize the threat intelligence report. This information will be used each time the agent runs, unless it is changed (you explore that in a subsequent task).
38
+
1. The Setup agent window provides information on the permissions needed to run the agent and the identity used with the agent. To Connect your user account (recall that you're logged in as Avery Howard) to the agent, select **Next** to open a new window where you can select the user account. Select **Avery Howard**.
39
+
1. Once you've connected your account to the agent, you complete the agent set up by specifying the parameters used to customize the threat intelligence report. This information is used each time the agent runs, unless it's changed (you explore that in a subsequent task).
1. After the agent is created, you’re redirected to the activity page where you can get the agent to work on your first results, as part of the first run experience. Here you can run it with the automatic trigger or run it without the trigger. Since the trigger is set to run every 7 days, select **Run it one time without the trigger**.
50
-
1. A window opens to review inputs before running. Expand **Optional fields** to view the settings. As expected, these are the setting you just configured. Leave them as is and select **Submit**. On the top-right corner of the screen the message **Agent Trigger Run started** is displayed. After a few seconds the message will disappear or you can close it by selecting the **X**.
51
-
1. The activity dashboard shows a line item for that initial run with status “In progress” and the method shows as Manual. If you had run the agent on the trigger, the method would show as Automated.
45
+
1. Select **Finish**.
46
+
1. After the agent is created, you’re redirected to the activity page where you can get the agent to work on your first results, as part of the first run experience. Here you can run it with the automatic trigger or run it without the trigger, select **Run it automatically on the trigger**. This runs the agent today and then every seven days.
47
+
1. On the top-right corner of the screen the message **Agent updated** is displayed. After a few seconds, the message disappears or you can close it by selecting the **X**.
48
+
1. The activity dashboard shows a line item for that initial run with status “In progress” and the method shows as Automated.
49
+
1. After a few seconds, the run will show as Completed. Select the line item listed as **Completed** from the activity dashboard window. ***For the purpose of the simulation, the amount of time it takes to complete the run is accelerated.***
50
+
1. The first section of the report is the Input. Expand the down arrow next to confirm the inputs you entered are shown.
51
+
1. The next section of the report shows the Result.
52
+
1. Scroll down to view the report.
53
+
1. Next to where it says results are several icons. Hover over each one to see its function. Let's explore the feedback options:
54
+
1. Select the **thumbs-up** icon to view the available options, then select **Cancel**.
55
+
1. Select the **thumbs-down** icon.
56
+
1. Select **Needs improvement** to view the options then select **Inappropriate**.
57
+
1. Select **Cancel** to exit the feedback window.
58
+
1. Now select View activity from the top right corner of the window to view the Activity map.
59
+
1. Using your mouse (hand icon displays) you can move the map around the page. You can zoom in/out by selecting the slider or **+** or the **-** on the bottom right corner of the window.
60
+
1. Exit out of the activity map and return to the Threat Intelligence Briefing Agent, by selecting the trigger ID (the alpha-numeric string) in the breadcrumb at the top of the page.
61
+
1. You should now be back on the Threat Intelligence Briefing Agent page. Keep the browser tab open, you'll need it for the next task.
62
+
52
63
1. Keep this browser tab open for the next task.
53
64
54
65
#### Task: Run the agent on a manual trigger with different parameters
55
66
56
67
There will be times where you may want to manually run the agent, with different parameters but not change the setting configured during setup that are used for automatically triggered runs.
57
68
58
-
In this task you will run the threat intelligence briefing agent on a manual trigger with different parameters, view the details of the previous run, and the associated activity map.
69
+
In this task, you'll run the threat intelligence briefing agent on a manual trigger configured with different parameters than those configured as part of the agent setup.
59
70
60
-
1. You should still be on the activity page that shows a line item for the report you ran after you completed the agent setup, which still shows as In progress.
61
-
1. This time you will manually run the agent, but you will change the parameters. The updated parameters will impact only this manual run. Future runs of the agent will use the parameters configured at start-up.
62
-
1. Select **Run** on the top right corner of the page, then from the dropdown menu, select **One time**. In this case, you will run the agent manually, but with different parameters. Any updates to the parameters will impact only this manual run.
63
-
1. A window opens to review inputs before running. Select the down-arrow to view the Optional fields. For this run, you will change the parameters as follows:
71
+
1. You should still be on the activity page that shows a line item for the report you ran after you completed the agent setup. Select **Run** on the top right corner of the page, then from the dropdown menu, select **One time**. In this case, you'll run the agent manually, but with different parameters. Any update to the parameters impacts only this manual run.
72
+
1. A window opens to review inputs before running. Select the down-arrow to view the **Optional fields**. For this run, you'll change the parameters as follows:
1. Select **Submit**. The changes you enter here impact only this specific, manual run of the agent. Any future runs are done with the parameters defined during the setup.
70
-
1. At this point, this new run will show in progress, but the previous run should show as completed. Select the line item that shows **Completed**.
71
-
1. The first section of the report is the Input. Expand the down arrow next to confirm the inputs you entered are shown.
72
-
1. The next section of the report shows the Result.
73
-
1. Scroll down to view the report.
74
-
1. Next to where it says results are several icons. Hover over each one to see its function. Let's explore the feedback options:
75
-
1. Select the **thumbs-up** icon to view the available options, then select **Cancel**.
76
-
1. Select the **thumbs-down** icon.
77
-
1. Select **Needs improvement** to view the options then select **Inappropriate**.
78
-
1. Select **Cancel** to exit the feedback window.
79
-
1. Now select View activity from the top right corner of the window to view the Activity map.
80
-
1. Using your mouse (hand icon displays) you can move the map around the page. You can zoom in/out by selecting the slider or **+** or the **-** on the bottom right corner of the window.
81
-
1. Exit out of the activity map and return to the Threat Intelligence Briefing Agent, by selecting the trigger ID (the alpha-numeric string) in the breadcrumb at the top of the page.
82
-
1. You should now be back on the Threat Intelligence Briefing Agent page. Keep the browser tab open, you will need it for the next task.
78
+
1. Select **Submit**. The changes you enter here impact only this specific, manual run of the agent. Any future runs are done with the parameters defined during the setup.
79
+
1. At this point, this new run shows **In progress** with the method as **Manual**. After a few seconds, the run should show as completed. Select the line item that shows **Completed** and review the results.
80
+
1. Keep the browser tab open, you'll need it for the next task.
83
81
84
82
### Task: Edit the Threat Intelligence Briefing Agent
85
83
86
-
When you ran the agent in previous task, you modified the parameters, but those parameters effect only that specific run. All subsequent runs are done using the parameters entered during the set up of the agent. In this task, you modify the parameters entered at setup that control all automatically triggered runs and any manual runs where you don't explicitly change the parameters for that run.
84
+
When you ran the agent in previous task, you modified the parameters, but those parameters affect only that specific run. All subsequent runs are done using the parameters entered during the setup of the agent. In this task, you modify the parameters entered at setup that controls all automatically triggered runs and any manual runs where you don't explicitly change the parameters for that run.
87
85
88
86
1. You should still be on the activity page for the Threat Intelligence Briefing Agent, which shows two lines items for the runs executed in the previous tasks. Select the ellipses on the top-right corner of the page and select **Edit**
89
-
1. On the Edit agent page, you have the option to another identity, but for this task you will not change the identity. Select **Next**.
87
+
1. On the Edit agent page, you have the option to another identity, but for this task you won't change the identity. Select **Next**.
90
88
1. Here you select the parameters to use when the agent runs on the automatic trigger or for manual runs where you don't explicitly change the parameters for that run.
91
89
1. Set the parameters as listed below and select Finish (or Select Cancel).
92
90
1. Insights: 3
@@ -96,4 +94,4 @@ When you ran the agent in previous task, you modified the parameters, but those
96
94
1. Industry: Finance.
97
95
1. You should be back at the Threat Intelligence Briefing Agent page.
98
96
99
-
Review: In this exercise you went through the set up of the Threat Intelligence agent, including verifying the plugin settings. You ran the agent manually with the parameters configured at startup and then again on a manual trigger, changing the parameters for that specific run. Lastly, walked through the process of editing the agent.
97
+
Review: In this exercise you went through the setup of the Threat Intelligence agent, including verifying the plugin settings. You ran the agent using the automatic trigger with the parameters configured at startup and then again on a manual trigger, changing the parameters for that specific run. Lastly, walked through the process of editing the agent.
0 commit comments