Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
This page provides information about agents available in the standalone experience of Security Copilot.
Agent terminology
| Field | Description |
|---|---|
| Trigger | An event or condition that tells an agentic system to initiate an action or series of actions. |
| Permissions | The level of authorization an AI agent is given by an admin during configuration that enables it to access specific information or carry out its tasks. |
| Identity | The credentials that the agent will use when it runs. |
| Plugins | A component that extends what an agent can do by giving it access to capabilities in first- and third-party services and public websites through APIs. |
Available agents
Threat intelligence briefing agent
Generating a threat intelligence report can be a cumbersome and resource intensive task. It requires intelligence gathering and can take hours or days to complete. The Threat Intelligence Briefing Agent generates timely, relevant threat intelligence reports with detailed technical analysis based on the latest threat actor activity and both internal and external vulnerability information. The agent correlates Microsoft threat data and real-time customer signals to add critical context to threat information in a matter of minutes, saving analyst teams hours or even days spent on intelligence gathering and correlation.
Trigger
This agent will run at the set time interval when turned on, or manually when you want to run it.
Permissions
This agent can read data from Defender External Attack Surface Management and Defender Vulnerability Management
Identity
This agent requires connection to an existing user account and creation of a new agent identity.
Products
Microsoft Security Copilot is needed to run this agent.
Plugins
The following plugin is needed to run this agent:
- Microsoft Defender Threat Intelligence
The following plugins are optional to run this agent, but can add more context to the output:
- Microsoft Defender External Attack Surface Management
- Microsoft Defender Vulnerability Management
Role-based access
Owner and contributors can see the report generated by the Threat intelligence briefing agent within the Microsoft Security Copilot Agents page.