Learn how to customize and optimize Copilot for Security with the custom Data Security plugin
by info.odysseyx@gmail.com, August 21, 2024

This is a step-by-step guide to the tailored Copilot for Security pack for Microsoft Data Security and how it can help your organization understand its cybersecurity risks so that it can achieve more. The pack focuses on information and organizational context, so that the real impact and value of cyber investments and incidents is reflected. We are working on adding this to the basic toolset as well and will update this post when it is ready.

Prerequisites
Licensing requirements for Microsoft Purview Information Protection vary depending on the scenarios and features you use. For the licensing requirements and options, see Information Protection in the Microsoft 365 guidance for security and compliance, and the related downloadable PDF of functional-level licensing requirements. A Microsoft Copilot for Security license is also required. Consider setting up Azure AI Search to collect your policy documents so that they can be included in your prompts.

Step-by-step guide walkthrough
This guide gives the high-level steps to get started with the new tooling, beginning with adding the custom plugin.
1. Go to securitycopilot.microsoft.com.
2. Download the DataSecurityAnalyst.yml file.
3. Select the plugin icon in the lower-left corner.
4. Under Custom, select Add plugin.
5. Choose Copilot for Security plugin as the plugin type and upload the DataSecurityAnalyst.yml file.
6. Click Add.
The plugin now appears under Custom.

The custom pack contains two groups of prompts: the DLP prompts, which you can find by typing /DLP, and the Sensitivity prompts, which you can find by typing /Sensitivity.

Let's try them out in Copilot for Security.

Anomaly detection sample
The DLP Anomaly prompt takes the DLP data from the last 30 days and checks it for possible anomalies in 30-minute intervals.
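To show what a prompt like this looks like underneath, here is an added example written in the same YAML manifest format that Copilot for Security uses for KQL-based custom plugins. It is not the code of the DataSecurityAnalyst.yml plugin or of the original post. The first skill does the 30-day, 30-minute-bin anomaly check with a KQL time series decomposition; the second implements the week-over-week "difference pattern" (weeks 3 and 4 against weeks 1 and 2) on endpoint file events that carry a sensitivity label. The table choices, the ActionType value "DlpRuleMatch", the skill names and the input names are assumptions for the example and must be checked against your tenant.

```yaml
# Added example, not from the original post or the DataSecurityAnalyst.yml plugin.
# Assumptions: CloudAppEvents exposes Purview DLP rule matches as ActionType "DlpRuleMatch";
# DeviceFileEvents carries the SensitivityLabel column. Both must be verified in your tenant.
Descriptor:
  Name: DataSecurityAnomalyExample
  DisplayName: Data Security anomaly example
  Description: Time-series and week-over-week anomaly checks for DLP and sensitivity-label activity.

SkillGroups:
  - Format: KQL
    Skills:
      - Name: DlpAnomaly30d
        DisplayName: DLP anomaly (30 days, 30-minute bins)
        Description: Finds 30-minute intervals in the last 30 days where the number of DLP rule matches deviates from the decomposed baseline.
        Inputs:
          - Name: Threshold
            Description: Anomaly score threshold passed to series_decompose_anomalies (default 1.5).
            Required: false
            DefaultValue: "1.5"
        Settings:
          Target: Defender
          Template: |-
            CloudAppEvents
            | where Timestamp > ago(30d)
            | where ActionType == "DlpRuleMatch"          // assumption: DLP matches land in CloudAppEvents
            // One bucket per 30 minutes; missing buckets become 0 so the series is regular.
            | make-series Matches = count() default = 0
                on Timestamp from ago(30d) to now() step 30m
            // Decompose into baseline + seasonal + residual and score the residuals.
            | extend (Anomalies, Score, Baseline) =
                series_decompose_anomalies(Matches, todouble('{{Threshold}}'), -1, 'linefit')
            | mv-expand Timestamp to typeof(datetime), Matches to typeof(long),
                        Anomalies to typeof(double), Score to typeof(double), Baseline to typeof(double)
            | where Anomalies != 0                        // +1 = spike above baseline, -1 = dip below it
            | project Timestamp, Matches, Baseline = round(Baseline, 1), Score = round(Score, 2), Anomalies
            | order by Score desc

      - Name: SensitivityDifferencePattern
        DisplayName: Sensitivity label activity, weeks 3-4 versus weeks 1-2
        Description: Compares the last 14 days of labeled-file activity with the 14 days before that, per sensitivity label.
        Inputs:
          - Name: Label
            Description: Optional sensitivity label name to restrict the comparison to.
            Required: false
        Settings:
          Target: Defender
          Template: |-
            let recentStart = ago(14d);
            DeviceFileEvents
            | where Timestamp > ago(28d)
            | where isnotempty(SensitivityLabel)
            | where isempty('{{Label}}') or SensitivityLabel =~ '{{Label}}'
            | summarize Baseline = countif(Timestamp < recentStart),    // weeks 1 and 2
                        Recent   = countif(Timestamp >= recentStart),   // weeks 3 and 4
                        Devices  = dcount(DeviceName)
                      by SensitivityLabel
            | extend Delta = Recent - Baseline,
                     PctChange = iff(Baseline == 0, real(null), round(100.0 * Delta / Baseline, 1))
            | order by abs(Delta) desc
```

The decomposition skill reports both spikes and dips; a dip in DLP matches can mean a policy was switched off or a connector stopped flowing, which is worth a look as much as a spike. The difference-pattern skill deliberately avoids the decomposition: with only four weeks of sparse label events there is not enough data for the seasonal fit, so a plain two-window comparison per label is more robust.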
It is based on a time series decomposition model. For the sensitivity content we use a slightly different model because of the amount of data: the difference pattern, a function that compares weeks 3 and 4 with weeks 1 and 2.

Compromised accounts that may have accessed sensitive information
This prompt checks for alerts raised on users who have handled sensitive information.

Who accessed sensitive emails, and from where?
Enter a message subject or message ID and the plugin identifies who opened the message. This applies to internal recipients only. You can also ask the plugin to list sensitive emails accessed from specific networks, or from devices affected by specific CVEs.

Was this document accessed from an account that may have been compromised?
This prompt lets you check whether a possibly compromised account has accessed a specific document.

Proximity to CVEs or ISP/IP tags
This sample gives you an idea of how much sensitive information is exposed on devices affected by a given CVE. You can also pivot on the ISP or the IP address.

Adjust the Exchange DLP policy sample
To adjust Exchange, Teams, SharePoint, Endpoint or OCR rules and policies, ask Copilot for Security for suggestions.

Unlabeled work
How much of each department's work is unlabeled? Do any departments stand out? In this context you can also use Copilot for Security to produce recommendations and to highlight the benefits of sensitivity labels.

Applications that access sensitive content
Which applications were used to access sensitive content? The plugin supports listing them. The list can be fairly long, so filter out common applications by adding filters to the query in the plugin. If you want to know more about a particular application, follow up with: What type of content is it accessing? What network connections did this application make?
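The application question above, and the network-connection follow-up, map to two KQL skills. The following is an added example in the Copilot for Security plugin manifest format; it is not the DataSecurityAnalyst.yml plugin's own code or the original post's. It assumes the Defender XDR tables DeviceFileEvents (with its SensitivityLabel, InitiatingProcessFileName and InitiatingProcessSHA256 columns) and DeviceNetworkEvents; the CommonApps list, the skill names and the input names are illustrative and should be tuned to your environment.

```yaml
# Added example, not from the original post or the DataSecurityAnalyst.yml plugin.
# Assumptions: DeviceFileEvents.SensitivityLabel is populated for labeled files;
# CommonApps is an illustrative list of applications you expect to handle labeled files.
Descriptor:
  Name: SensitiveContentAppsExample
  DisplayName: Applications touching sensitive content (example)
  Description: Lists processes that accessed labeled files, with a hash pivot to their network activity.

SkillGroups:
  - Format: KQL
    Skills:
      - Name: AppsTouchingSensitiveContent
        DisplayName: Applications that accessed sensitive content
        Description: Processes that read, wrote or copied files carrying a sensitivity label, excluding a configurable list of common applications, with the process hash for follow-up.
        Inputs:
          - Name: Days
            Description: Look-back window in days.
            Required: false
            DefaultValue: "7"
        Settings:
          Target: Defender
          Template: |-
            // Filter out the applications you expect to handle labeled files; extend this list as needed.
            let CommonApps = dynamic(["OUTLOOK.EXE", "WINWORD.EXE", "EXCEL.EXE", "POWERPNT.EXE", "explorer.exe"]);
            DeviceFileEvents
            | where Timestamp > ago({{Days}}d)
            | where isnotempty(SensitivityLabel)
            | where InitiatingProcessFileName !in~ (CommonApps)
            | summarize Files    = dcount(SHA256),
                        Devices  = dcount(DeviceName),
                        Users    = dcount(InitiatingProcessAccountName),
                        Labels   = make_set(SensitivityLabel, 10),
                        Hashes   = make_set(InitiatingProcessSHA256, 5),   // feed these to ProcessNetworkByHash
                        LastSeen = max(Timestamp)
                      by InitiatingProcessFileName
            | order by Files desc

      - Name: ProcessNetworkByHash
        DisplayName: Internet connections made by a process hash
        Description: Remote endpoints contacted by any process whose image has the given SHA256, so a hash from the previous skill can be checked.
        Inputs:
          - Name: Sha256
            Description: SHA256 of the process image to look up.
            Required: true
        Settings:
          Target: Defender
          Template: |-
            DeviceNetworkEvents
            | where Timestamp > ago(7d)
            | where InitiatingProcessSHA256 =~ '{{Sha256}}'
            | where RemoteIPType == "Public"               // keep only Internet-bound connections
            | summarize Connections = count(),
                        Devices     = dcount(DeviceName),
                        FirstSeen   = min(Timestamp),
                        LastSeen    = max(Timestamp)
                      by InitiatingProcessFileName, RemoteIP, RemotePort, RemoteUrl
            | order by Connections desc
```

Keying the second skill on the hash rather than the file name is the point: a process named like a common application but with a hash you do not recognize is exactly the case the "verify the SHA256" question is asking about, and the Public filter on RemoteIPType turns the same query into the "hosts with Internet access" check for that process.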
Or, if you are concerned about the process itself, what is its SHA256 so that you can verify it?

Hosts with Internet access that access sensitive content
Another threat vector is devices that are connected to the Internet while they process sensitive content. Be sure to check how confidential and other sensitive information is processed on them.

Promptbooks
Promptbooks are a valuable resource for performing specific security-related tasks. Think of them as a way to implement standard operating procedures (SOPs) for specific kinds of incidents. Following an SOP lets you cover the various dimensions of an incident and summarize the results in a standardized way. For more information about promptbooks, see the Copilot for Security promptbook documentation.

Exchange case sample promptbook
Note: the details above are currently only available using Sentinel; we are working on the integration with Defender.

SharePoint sample promptbook