What's new in Microsoft Copilot for Security?

Copilot for Security receives improvements on an ongoing basis. To stay up to date with the most recent developments, this article provides you with information about:

  • The latest releases
  • Known issues
  • Plans for changes

Each item describes where the enhancement can be experienced. For more information, see Copilot for Security experiences.

This page updates monthly, so revisit it regularly.

October 2024

Data retrieval POST operations for API plugins

Type: New feature
Experience: Standalone / Embedded

Users can now harness data in plugins that utilize POST operations to get, retrieve, and list data for security investigations and enrichment.

September 2024

Summarize identity in Microsoft Defender - General Availability

Type: New feature
Experience: Embedded

A new embedded experience in Microsoft Defender is available. Security operations teams investigating users can easily understand identity information with the identity summary capability. Copilot creates contextual insights about an identity in an organization, helping analysts quickly understand important data to speed up their investigation.

For more information, see Summarize identities.

Silverfort plugin - Public preview

Type: New plugin
Experience: Standalone

The Silverfort plugin leverages KQL-based queries to extract and analyze data from Silverfort's security logs within the Microsoft Sentinel workspace. You can customize queries using a range of input parameters to retrieve targeted information, enabling more efficient threat investigation and proactive defense measures.

For more information, see: Silverfort.

Whoisfreaks plugin - Public preview

Type: New plugin
Experience: Standalone

Whoisfreaks helps elevate your cyber-security strategy with domain and IP intelligence services. Designed for analysts, researchers, and brand owners, the platform provides unparalleled insights and monitoring capabilities to protect your digital assets. Stay ahead of threats, ensure brand integrity, and make informed decisions with real-time data you can trust. The platform seamlessly integrates with existing systems, enhancing workflow efficiency and effectiveness.

For more information, see: Whoisfreaks.

Forescout Vedere Labs plugin - Public preview

Type: New plugin
Experience: Standalone

The Forescout Vedere Labs research team provides a threat intelligence feed containing IP, URL, and file hash indicators for all activity seen and monitored by Forescout, including information on Known Exploited Vulnerabilities and Vedere Labs' own reported CVEs. Drawing on this extensive research, the feed provides indicators and CVE details across IT, OT, IoT, and IoMT, allowing anyone to benefit from it. The research helps security teams speed up threat hunting efforts in combination with Microsoft Copilot for Security. Additionally, the service allows lookups against domain names to check for use of Domain Generation Algorithms (DGA) or data exfiltration techniques.

For more information, see: Forescout Vedere Labs.

August 2024

Copilot integration in device query - Public preview

Type: New feature
Experience: Embedded

You can now use Copilot in Microsoft Intune's device query page to help you craft KQL queries. Just use natural language to ask about a device in Microsoft Intune, and Copilot will generate a KQL query that you can run to get the answer.

For more information, see Query with Copilot in device query.

July 2024

Streaming of response

Type: New feature
Experience: Standalone / Embedded

As part of the quality effort to minimize overall latency, one initiative is to show Copilot for Security responses in streaming mode. This approach significantly improves perceived latency for users, enabling them to begin reading responses as they are generated, similar to other Copilots.

Microsoft Defender Threat Intelligence - General Availability

Type: New feature
Experience: Embedded

A new embedded experience in the Threat Intelligence blade in Microsoft Defender is available. The feature helps analysts deep dive into threat intelligence context based on sources such as Microsoft Defender Threat Intelligence, threat analytics, and detonation-based reputation information. The threat intelligence includes content such as articles and actor profiles, indicators of compromise, and impact to your organization, including related incidents, assets, and recommendations for remediation.

June 2024

Azure Firewall plugin - Public preview

Type: New plugin
Experience: Standalone

The Azure Firewall plugin has four capabilities that help analysts perform detailed investigations of the malicious traffic intercepted by the IDPS feature of their firewalls across their entire fleet using natural language questions in the Copilot for Security standalone experience.

To learn more about the user journey and value that Copilot can deliver, see the Azure blog. To see these capabilities in action, take a look at this Tech Community blog, and to get started, see the documentation.

Azure Web Application Firewall - Public preview

Type: New plugin
Experience: Standalone

The Azure Web Application Firewall (WAF) plugin enables deep investigation of Azure WAF events. It can help analysts investigate the logs generated by Azure WAF in a matter of minutes and provide related attack vectors using natural language responses at machine speed. It provides visibility into your environment's threat landscape.

To learn more about the user journey and value that Copilot can deliver, see the Azure blog. To see these capabilities in action, take a look at this Tech Community blog, and to get started, see the documentation.

Microsoft Defender External Attack Surface Management (Defender EASM) natural language to EASM query

Type: New skill
Experience: Standalone

Query your attack surface using natural language (for example: "what assets are using specific technologies, are associated with these IP addresses, were registered by this email?").

For more information, see: Microsoft Copilot for Security and Defender EASM.

Defender EASM - Public preview

Type: New experience
Experience: Embedded

Leverage Defender EASM skills within your Defender EASM resource.

For more information, see: Query your attack surface with Defender EASM using Microsoft Copilot in Azure.

AbuseIPDB plugin - Public preview

Type: New plugin
Experience: Standalone

AbuseIPDB helps make the Web safer by providing a central repository for webmasters, system administrators, and other interested parties to report and identify IP addresses that have been associated with malicious activity online.

For more information, see: AbuseIPDB.

Intel 471 plugin - Public preview

Type: New plugin
Experience: Standalone

Intel 471 provides ongoing automated collection, local human intelligence reporting, and high-fidelity alerting of top-tier cybercriminals.

For more information, see: Intel471.

Shodan InternetDB plugin - Public preview

Type: New plugin
Experience: Standalone

Use Shodan's free InternetDB to enrich IP investigations. Retrieve IP information such as open ports, hostnames, and vulnerabilities.

For more information, see: Shodan.

May 2024

Microsoft Purview embedded experience - General Availability

Type: Moved from public preview to GA
Experience: Embedded (Microsoft Purview)

Purview (embedded experience) will provide the ability to answer users' Microsoft Purview data-related questions, asked as natural language queries, using existing data insights APIs and solution APIs. Purview users will be able to use Copilot for Security capabilities to summarize alerts and incidents, and to get a contextual summary of communications.

The Purview embedded experience leverages Copilot for Security’s natural language assistive copilot experience and enhances the Purview product experience by providing an AI assistant while using Purview.

For more information, see: Microsoft Copilot for Security in Microsoft Purview.


CyberArk Privilege Cloud plugin - Public preview

Type: New plugin
Experience: Standalone

CyberArk Privilege Cloud is a SaaS solution that provides a simplified path to securely store, rotate and isolate credentials (for both human and non-human users), monitor sessions, and quickly deliver scalable risk reduction to the business. You can use the CyberArk plugin with Microsoft Copilot for Security to:

  • List privileged accounts in Copilot for Security using natural language.
  • Leverage Copilot generative AI abilities to interact with privileged accounts data.

For more information, see: CyberArk Privilege Cloud.


DarkTrace plugin - Public preview

Type: New plugin
Experience: Standalone

Darktrace offers cybersecurity AI services to provide preemptive visibility into security posture, real-time detection, and autonomous response to known and unknown threats. You can use the Darktrace plugin with Microsoft Copilot for Security to proactively detect, investigate, and respond to threats across your digital ecosystem.

For more information, see: DarkTrace.


Jamf Pro plugin - Public preview

Type: New plugin
Experience: Standalone

Jamf Pro provides comprehensive MDM data. You can use the Jamf plugin with Microsoft Copilot for Security to streamline how your security analysts access data, simplify the process of gathering crucial information, and facilitate seamless collaboration between IT and Security teams.

For more information, see: Jamf Pro.


Red Canary plugin - Public preview

Type: New plugin
Experience: Standalone

Red Canary provides managed detection and response (MDR) and other security capabilities to protect endpoints, network, cloud workloads, identities, and SaaS applications. You can use the Red Canary plugin with Microsoft Copilot for Security to enhance your security operations.

For more information, see: Red Canary.


SGNL.ai plugin - Public preview

Type: New plugin
Experience: Standalone

SGNL provides a dynamic access platform that provides a foundation for Zero Standing Privilege (ZSP) initiatives to protect against threats to user sessions and credentials. You can use the SGNL Access Intelligence plugin with Microsoft Copilot for Security to understand and identify fine-grained access decisions and trends across your organization.

For more information, see: SGNL plugin.


Shodan plugin - Public preview

Type: New plugin
Experience: Standalone

Shodan is a search engine that allows users to find specific types of devices connected to the internet using various filters. It provides a global view of how certain devices are connected and can be used to discover which devices are connected to the internet, where they're located, and who is using them. You can use the Shodan plugin with Microsoft Copilot for Security to get enhanced visibility of your internet-facing assets and better detect threats and vulnerabilities.

For more information, see: Shodan.


ReversingLabs Spectra Intelligence plugin - Public preview

Type: New plugin
Experience: Standalone

ReversingLabs empowers SOC teams to understand the file-based threats in an environment. Analysts can use Copilot for Security to summarize complex file reputation information and file analysis reports for quicker triage and response time.

For more information, see: ReversingLabs Spectra Intelligence.