IT scenario: Conduct a security script analysis

Available with: Copilot for Security
Scenario level: Buy

KPIs impacted

IT management costs

Application downtime

Value benefit

Cost savings

Employee experience

Using Copilot to conduct a security script analysis


1. Analyze script

A security analyst identifies a potentially suspicious script that was found running on a corporate endpoint. The Copilot for Security standalone experience is used to reverse engineer the script.

Copilot for Security

Prompt: Explain what this script does step by step and infer the intent. Also note any actions expressed that could be malicious in nature, including destructive activities, stealing of information, or changing of sensitive settings: <SNIPPET>

2. Assess intent

The analyst asks Copilot to assess whether the script is dangerous.

Copilot for Security

Prompt: Is this script malicious?

3. Check internet addresses

The analyst checks the internet addresses involved to see if they are associated with known threat actors.

Copilot for Security

Prompt: Provide the reputation of any IPs or hostnames found.

4. Check threat database

The analyst checks to see if there is any information available about the attack.

Copilot for Security

Prompt: Are there any threat intelligence articles that reference the IOCs that were found? Show me the profiles of any threat actors referenced.

5. Identify response

The analyst asks Copilot for help in responding to the threat.

Copilot for Security

Prompt: What are the recommended policy changes to protect against this script?

6. Create report

Generate an incident report to document the incident and communicate with the leadership team.

Copilot for Security

Prompt: Write me a report that summarizes the findings from the investigation. It should be suitable for a non-technical audience.

The content in this example scenario is for demonstration purposes only. You should evaluate how Copilot aligns with your organization’s business processes, regulatory requirements, and responsible AI principles.