IT scenario: Conduct a vulnerability impact assessment

Available with: Copilot for Security
Scenario level: Buy

KPIs impacted

IT management costs

Application downtime

Value benefit

Cost savings

Employee experience

Using Copilot to conduct a vulnerability impact assessment


1. Summarize vulnerability report

A SOC analyst received an email about recently reported publicly known vulnerabilities and uses Copilot for Security to investigate the Common Vulnerabilities and Exposures (CVE) ID.

Copilot for Security

Prompt: Summarize <CVE-ID>.

2. Understand impact

Use the summary of the CVE to determine if any impacted technologies are used in your environment.

Copilot for Security

Prompt: Do I have assets running <Technology X> in my environment?

3. Find vulnerable assets

The analyst asks Copilot to list all assets running technologies impacted by this vulnerability in their environment.

Copilot for Security

Prompt: Which assets are impacted by <CVE-ID> with <Technology X>?

4. Label impacted assets

Apply a label to all of the impacted assets, making them easier to identify and making it clear which ones need to be remediated.

Copilot for Security

Prompt: Please apply label <CVE-ID> to all assets impacted by <CVE-ID>.

5. Identify response

The analyst asks Copilot for help in protecting against the vulnerability.

Copilot for Security

Prompt: What mitigations can I put in place to defend against <CVE-ID>?

6. Create report

Generate a report to document the vulnerability and communicate with the leadership team.

Copilot for Security

Prompt: Write me an executive summary report for the vulnerability, threat actor insights, and recommendations for someone who is less technical.

The content in this example scenario is for demonstration purposes only. You should evaluate how Copilot aligns with your organization’s business processes, regulatory requirements, and responsible AI principles.