Microsoft Security Copilot is a new platform that helps security analysts and administrators interact with their security data using natural language. Security Copilot can answer questions, run commands, and generate reports using various Microsoft security services as plugins. In this blog post, I will show you how to navigate the Security Copilot portal and use its features to get the most out of it.
Home Menu
The home menu is located at the top left corner of the portal and looks like a stack of pancakes. (Some might say it’s a hamburger menu, but I’m trying to change the perception.) It contains four options: Home, My sessions, Settings, and Tenant.
Home gets you back to the initial page, ready to create a new prompt. A prompt is a natural language input that you send to Security Copilot to get a response.
My sessions reloads the page and changes the view to focus on past sessions you’ve created. A session is a collection of prompts and responses that you can save, rename, delete, or share. You can also manage your sessions with search and filter options.
Settings includes theme preferences along with data and privacy settings. You can choose between light and dark themes and opt in or out of data collection and feedback surveys.
Tenant allows you to switch between different tenants that you have access to. A tenant is a dedicated instance of Azure Active Directory (Azure AD) that hosts your organization’s security data. You may need to switch tenants if your security data is in a different tenant than the one you signed in with, for example, if you are a guest user or a member of a managed service provider (MSP).
Manage Plugins
Plugins are the Microsoft security services that Security Copilot can use to access your security data and perform actions. You can see the list of available plugins by clicking on the Manage plugins button at the top right corner of the portal. You can also enable or disable plugins and view their capabilities and documentation.
Some examples of plugins include:
Microsoft 365 Defender: A unified pre- and post-breach enterprise defense suite that natively coordinates detection, prevention, investigation, and response across endpoints, identities, email, and applications.
Microsoft Sentinel: A cloud-native security information and event management (SIEM) and security orchestration automated response (SOAR) solution that uses built-in AI to help analyze large volumes of data across your enterprise.
Microsoft Security Center: A unified infrastructure security management system that strengthens the security posture of your data centers and provides advanced threat protection across your hybrid workloads in the cloud and on premises.
Prompt Bar
The prompt bar is where you type your natural language input to Security Copilot. You can ask questions, run commands, or request reports using simple or complex sentences. Security Copilot will try to understand your intent and provide the best possible response.
To help you create effective prompts, Security Copilot offers several features:
Featured prompts: These are pre-defined prompts that showcase some of the common and useful scenarios that Security Copilot can handle. You can browse through the featured prompts by clicking on the Featured prompts button at the bottom left corner of the prompt bar. You can also select a featured prompt to send it to Security Copilot and see the response.
Prompt suggestions: These are dynamic suggestions that appear as you type your prompt. They are based on the plugins and capabilities that Security Copilot can use. You can see the prompt suggestions by typing a slash (/) followed by the name of a plugin or a capability. You can also select a prompt suggestion to complete your prompt.
Promptbooks: These are collections of prompts that are designed to help you achieve a specific goal or task. They are like guided tours that walk you through a series of steps using Security Copilot. You can access the promptbooks by clicking on the Promptbooks button at the bottom right corner of the prompt bar. You can also create your own promptbooks using the promptbook editor.
Process Log
The process log is a panel that appears directly under your prompt after you send it. It shows you how Security Copilot processed your prompt and what plugin and capability it used to generate the response. You can use the process log to understand how Security Copilot works and to troubleshoot any issues.
The process log also provides links to see all the system capabilities and to view the documentation of the plugin and capability used. You can also copy the process log to your clipboard or hide it from the view.
Pin Board
The pin board is a panel that appears on the right side of the portal. It allows you to pin important responses from your session and to generate a summary of your session. You can use the pin board to keep track of your findings and to share them with others.
To pin a response, click on the Pin button at the top right corner of the response bubble. When you pin a response for the first time, Security Copilot will generate a summary of the session for the pin board. You can pin multiple responses to expand the summary. You can also unpin a response by clicking on the Unpin button.
The pin board also shows tags under the session name to help provide context to the session. The tags are based on the plugins and capabilities used in the session. You can also rename the session by clicking on the Rename button.
Share Session
At any time during a Security Copilot session, you can share the work you’ve done with your team or colleagues. To share a session, click on the Share button at the top right corner of the portal. Security Copilot will create a link that you can copy to your clipboard or send via email.
The link references the entire session, not just the portion conducted prior to selecting the share feature. Anyone with Security Copilot access who browses to the link will see a static display of the shared session, whether or not they normally have access to the underlying security data.
While accessing a shared session, you have the option to export the results to a PDF or a Word document. You can also view the shared session summary and pinned items to quickly understand the shared content.
Adjust the View
Need more screen real estate? The UI enables you to quickly move between full-width and compact views.
Conclusion
Microsoft Security Copilot is a powerful and innovative platform that enables you to interact with your security data using natural language. By learning how to navigate the Security Copilot portal and use its features, you can enhance your security analysis and administration experience. To learn more about Security Copilot, check out the following resources: