IT scenario: Conduct a security script analysis
Available with: Copilot for Security
Scenario level:
KPIs impacted
IT management costs
Application downtime
Value benefit
Cost savings
Employee experience
Using Copilot to conduct a security script analysis
1. Analyze script
A security analyst identifies a potentially suspicious script that was found running on a corporate endpoint. The Copilot for Security Standalone experience is used to reverse engineer the script.
Copilot for Security
Prompt: Explain what this script does step by step and infer the intent. Also note any actions expressed that could be malicious in nature, including destructive activities, stealing of information, or changing of sensitive settings: <SNIPPET>
2. Assess intent
The analyst asks Copilot to assess whether the script is dangerous.
Copilot for Security
Prompt: Is this script malicious?
3. Check internet addresses
The analyst checks the internet addresses involved to see if they are associated with known threat actors.
Copilot for Security
Prompt: Provide the reputation of any IPs or hostnames found.
4. Check threat database
The analyst checks to see if there is any information available about the attack.
Copilot for Security
Prompt: Are there any threat intelligence articles that reference the IOCs that were found? Show me the profiles of any threat actors referenced.
5. Identify response
The analyst asks Copilot for help in responding to the threat.
Copilot for Security
Prompt: What are the recommended policy changes to protect against this script?
6. Create report
Generate an incident report to document the incident and communicate with the leadership team.
Copilot for Security
Prompt: Write me a report that summarizes the findings from the investigation. It should be suitable for a non-technical audience.
1. Access Copilot at copilot.microsoft.com or the Microsoft Copilot mobile app and set toggle to “Web”.
2. Access Business Chat at copilot.microsoft.com or the Microsoft Copilot mobile app and set toggle to “Web”.
3. Copilot agents allow Microsoft 365 Copilot to access your organization-specific apps. In the past, this would have required an API call to get data from a system of record.
The content in this example scenario is for demonstration purposes only. You should evaluate how Copilot aligns with your organization’s business processes, regulatory requirements, and responsible AI principles.