Copilot for Security TI Embedded Experience in Defender XDR is now GA

The Microsoft Threat Intelligence (MDTI) and XDR teams are pleased to announce that the Copilot for Security threat intelligence embedded experience in the XDR portal is now generally available. As of today, Defender XDR customers will see a handy -powered sidecar in the Threat Analytics, intel profiles, intel explorer, and intel projects tabs in the threat intelligence blade (in brackets below), which returns, contextualizes, and summarizes intelligence from across MDTI and Threat Analytics about threat actors, threat tooling, and indicators of compromise (IoCs) related to their vulnerabilities and security incidents. 

 

The embedded experience on the right hand side of the Defender XDR portal has an open prompt bar as well as a guided experience with three pre-populated prompts.The embedded experience on the right hand side of the Defender XDR portal has an open prompt bar as well as a guided experience with three pre-populated prompts.

 

How Copilot Enhances Microsoft Threat Intelligence 

  

Microsoft Copilot for Security enables customers to access, operate on, and integrate Microsoft's raw and finished threat intelligence via natural language with simple requests known as prompts, which ask important questions about MDTI's data and content, such as “Tell me more about the threat actor Silk Typhoon.” The answers returned from prompts are always up to date with the latest threat intelligence information, including IoCs, data from mass collection and analysis, intelligence articles, intel profiles (vulnerabilities, threat actors, threat tooling, techniques), and guidance. This critical information delivered instantly and in-context, up-levels and enables different security personas to defend at machine speed and scale.  

 

Key Capabilities of the Threat Intelligence Embedded Experience 

 

Think of the Copilot threat intelligence embedded experience in Defender XDR as a helpful research assistant that can pull, contextualize, and summarize relevant intelligence at machine speed to drive an optimal security plan for your organization. Customers can evaluate artifacts and correlate MDTI and Threat Analytics content and data with other security information from Defender XDR, such as incidents and hunting activities, to help them assess their vulnerabilities and quickly understand the broader scope of an attack. With helpful pre-populated prompts or through typing your own, the Copilot sidecar helps you quickly understand threats and assess vulnerabilities faster and more efficiently than before in several exciting ways: 

 

Summarize threat intelligence: By clicking on the pre-populated prompt ‘Give me an overview of the latest threats to my organization,' Copilot returns the latest Intel Profiles and Activity Snapshots that contain mentions of your vulnerabilities, TTPs (tactics, techniques, and procedures) that include the infrastructure your organization runs, and other relevant factors such as intelligence that mentions your industry and region: 

 

The first pre-populated prompt returns and summarizes intelligence most relevant to your organization.The first pre-populated prompt returns and summarizes intelligence most relevant to your organization.

  Customers can also ask Copilot to summarize other relevant intelligence via open prompts, such as “Tell me about the threat actor Mango Sandstorm” or “Summarize the latest threat activity involving Cobalt Strike.” 

Prioritize threats: By clicking the pre-populated prompt “Which threats should I focus on based on their exposure score,” Copilot queries Threat Analytics and MDTI to deliver the intelligence most relevant to an organization based on the exposures and vulnerabilities they have across their attack surface. Customers can also quickly retrieve information on indicators, including IP addresses and domains, to enrich artifacts with content such as threat articles and intel profiles to understand the risk they pose to their organization's unique attack surface.

 

The second pre-populated prompt returns the most critical threat intelligence.The second pre-populated prompt returns the most critical threat intelligence.

 

Understand your risk: Copilot can reason over vulnerability intelligence in MDTI and Threat Analytics to deliver a customized, prioritized list based on a customer organization's unique security posture. By clicking on the pre-populated prompt “Which threat actors are targeting infrastructure in my industry?”  Copilot returns summaries of the top threat actors implicated in attacks involving your industry. This information provides an excellent starting point for threat research and building out a robust defense strategy.  

 

The third pre-populated prompts offers intelligence relevant to your organization based on industry and other factors.The third pre-populated prompts offers intelligence relevant to your organization based on industry and other factors.

New to MDTI? Here's where to start  

  

Learn more about getting started with MDTI here, and read everything you need to know about MDTI as a Copilot for Security customer here.  Also, be sure to join our fast-growing community of security pros and experts to provide product feedback and suggestions and start conversations about how MDTI is helping your team stay on top of threats. 

 

This article was originally published by Microsoft's Defender Threat Intelligence Blog. You can find the original article here.