Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
This page provides information about agents available in the standalone and embedded experiences of Security Copilot.
Agents in the standalone experience
Security Copilot, accessed through https://securitycopilot.microsoft.com, is considered as the standalone experience.
Threat intelligence briefing agent
Generating a threat intelligence report can be a cumbersome and resource intensive task. It requires intelligence gathering and can take hours or days to complete.
The Threat Intelligence Briefing Agent generates timely, relevant threat intelligence reports with detailed technical analysis based on the latest threat actor activity and both internal and external vulnerability information. The agent correlates Microsoft threat data from Defender External Attack Surface Management (EASM) and real-time customer signals to add critical context to threat information in a matter of minutes, saving analyst teams hours or even days spent on intelligence gathering and correlation.
| Attribute | Description |
|---|---|
| Identity | Requires connection to an existing user account and creation of a new agent identity |
| License | Defender EASM Standard |
| Permissions | Read data from Agents, Microsoft Defender External Attack Surface Management, Microsoft Threat Intelligence, and Microsoft Threat Intelligence Agents |
| Products | Security Copilot |
| Plugins | Microsoft Defender External Attack Surface Management Microsoft Threat Intelligence Microsoft Threat Intelligence Agent |
| Role-based access | Security Copilot Owner and Security Copilot Contributor roles can see the report generated by the Threat intelligence briefing agent within the Microsoft Security Copilot Agents page |
| Trigger | Runs every 7 days or can be triggered manually |
For more information, see Threat intelligence briefing agent
Agents in the embedded experience
Accessing Security Copilot embedded experiences in other Microsoft security products is considered as the embedded experience. Agents are available across the integrated Microsoft security products. For more information on the full list of agents, see:
- Identity and access in Microsoft Entra
- Security operations in Microsoft Defender
- Endpoint management in Microsoft Intune
- Data security in Microsoft Purview
- Analyze incidents and generate hunting queries in Microsoft Sentinel