Update readme.md
KwachSean authored Apr 3, 2024
1 parent a1e1fad commit bf939da
Showing 1 changed file with 9 additions and 0 deletions.
Expand Up @@ -23,3 +23,12 @@ Following best practices above, listed below are good and bad examples of prompt
|----------------|------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| **Incident Summary** | Provide an incident summary. | Provide a summary for incident 19247 from Defender catered to a non-technical executive audience. | Provide a summary for incident 19247 from Defender catered to a non-technical executive audience. List the entities of the incident in a table providing context from MDTI. | Provide a summary for incident 19247 from Defender catered to a non-technical executive audience. List the entities of the incident in a table which includes the following headers: “Entity”, “Entity Type”, “MDTI reputation”. Within entity, list the entity associated with the incident or incident’s alerts. Within Entity Type, list what type of entity it is. For example, domain name, IP address, URL, hash. Within the MDTI reputation, enrich the entity against MDTI’s Copilot reputation skill. |
| **KQL Query for Hexadecimal Strings** | Create a KQL query to hunt for hexadecimal strings. | Create a KQL query to hunt for hexadecimal strings associated with svchost.exe process. | **Prompt 1:** Create a Defender KQL query to hunt for hexadecimal strings associated with the svchost.exe process. <br>**Prompt 2:** What threat actor groups tend to use this svchost.exe process?<br>**Prompt 3:** What are the TTPs associated with these threat actor groups?<br>**Prompt 4:** Please create a table to list the MITRE ATT&CK techniques associated with each threat actor group as unique rows. List each MITRE ATT&CK technique associated with each threat actor group in column 1 “MITRE ATT&CK technique” and which threat actor groups used that technique in column 2, “Threat Actor Group(s)”. | **Prompt 1:** Create a Defender KQL query to hunt for hexadecimal strings associated with the svchost.exe process.<br>**Prompt 2:** What threat actor groups tend to use this svchost.exe process?<br>**Prompt 3:** What are the TTPs associated with these threat actor groups?<br>**Prompt 4:** Please create a table to list the MITRE ATT&CK techniques associated with each threat actor group as unique rows. 
List each MITRE ATT&CK technique associated with each threat actor group in column 1 “MITRE ATT&CK technique” and which threat actor groups used that technique in column 2, “Threat Actor Group(s)”.<br>**Prompt 5:** Based on the MITRE ATT&CK techniques gathered in the previous response, which ones do not have analytic (detection) rule coverage based on what our organization has configured in our Sentinel workspace?<br>**Prompt 6:** Which CVEs do these threat actor groups tend to exploit?<br>**Prompt 7:** What threat intelligence exists associated with each of these CVEs from MDTI?<br>**Prompt 8:** What threat intelligence exists associated with each of these CVEs from inthewild.io?<br>**Prompt 9:** What remediation and/or mitigation recommendations are associated with each of these CVEs from MDTI?<br>**Prompt 10:** Which of my MDEASM, MDVM, MDC, and IoT assets are vulnerable to these CVEs?<br>**Prompt 11:** Based on the incident comments (or wherever you document your postmortem steps), have these recommendations been followed?<br>[Save this as a custom promptbook] |

**General Tips**
1. Check the plugin menu to see what plugins are enabled and what skills they offer.
2. Select the icon in the prompt bar to force a specific plugin or promptbook to bypass the orchestrator and get predictable results.
3. Review the promptbooks available in the promptbook library and see how they are designed and what inputs they require.
4. Use the custom promptbook feature to create templates of a series of prompts that you can reuse for different scenarios or parameters.
5. Use the pinboard to select and summarize the most relevant prompts from your session. You can also edit or delete prompts that are not useful or accurate.
6. Use the process log or the debugger to understand what plugins are selected and executed and how they enrich your prompt.
Use the custom plugin feature to create your own skills and enrichments based on your own security information (e.g. custom logs) or APIs
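Review bot: the last added line breaks the numbered list: tips 1 through 6 carry a number and a terminal period, but the final tip ("Use the custom plugin feature to create your own skills and enrichments ... or APIs") has neither, so it renders as a stray paragraph instead of item 7. Suggest `7. Use the custom plugin feature to create your own skills and enrichments based on your own security information (e.g. custom logs) or APIs.` Two smaller points: tip 2 says "Select the icon in the prompt bar" without naming which icon, which a reader of a best-practices doc cannot act on, so name the control; and the "**General Tips**" label is bold text rather than a heading, so if the rest of readme.md uses `#` headings it should match them to show up in the rendered outline.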
