Create Microsoft Security Exposure Management.yaml #208
Plugin submission for Microsoft Security Exposure Management. This is version 1, more skills to be added in subsequent versions.
…nagement.yaml to Plugins/Community Based Plugins/Microsoft Security Exposure Management/Microsoft Security Exposure Management.yaml Created the Microsoft Security Exposure Management Plugin for Security Copilot. This is version 1.0
Plugin submission for Microsoft Security Exposure Management. This is version 1 with 2 basic skills; more skills to be added subsequently.
@microsoft-github-policy-service agree company="Microsoft"
Updated as per the recommendation received on 27 Aug
Updated the yaml file as per recommendations received on 27 Aug
Pull Request Overview
This PR introduces a new Microsoft Security Exposure Management plugin for Security Copilot that enables querying exposed devices through natural language. The plugin provides two main capabilities for SOC engineers to investigate security exposures.
- Adds KQL-based skills for querying device exposure data
- Implements cloud platform filtering and user-based device queries
- Enables exposure level filtering (High, Medium, Low) across different scenarios
| ) on DeviceName | ||
|
|
The query ends abruptly without projecting the final result columns. Add a | project UPN, DeviceName, DeviceId, ExposureLevel, CloudPlatforms, OSPlatform, OSArchitecture statement after the join to return the expected columns mentioned in the DescriptionForModel.
| ) on DeviceName | |
| | project UPN, DeviceName, DeviceId, ExposureLevel, CloudPlatforms, OSPlatform, OSArchitecture |
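Review bot: The join key on the ") on DeviceName" line is a display name rather than a unique identifier, while the suggested projection already returns DeviceId. If both sides of the join expose DeviceId, join on DeviceId instead so that two devices sharing a name are not matched to each other's rows; if only DeviceName is available on one side, say in the skill description that results are matched by device name.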
…nagement/Microsoft Security Exposure Management.yaml Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
…nagement/Microsoft Security Exposure Management.yaml Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
…nagement/Microsoft Security Exposure Management.yaml Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
KwachSean
left a comment
Summary of changes:
A new plugin YAML file was added: Plugins/Community Based Plugins/Microsoft Security Exposure Management/Microsoft Security Exposure Management.yaml.
This file introduces a descriptor for "Microsoft Exposure Management" with a description outlining its integration with Security Copilot to surface exposure insights and attack paths for SOC engineers.
Two main KQL-based skills are defined:
GetExposedDevicesByCloudPlatform: Retrieves exposed devices filtered by cloud platform (Azure, AWS, GCP) and exposure level (High, Medium, Low), with example prompts and KQL template.
GetExposedDevicesByUser: Retrieves exposed devices associated with a specific user (UPN), optionally filtered by exposure level, with example prompts and KQL template.
Both skills include detailed input requirements, settings, and example user prompts.
Appending approval: APPROVED ✅ — The changes are clear, well-documented, and introduce valuable functionality for integrating Microsoft Security Exposure Management with Security Copilot.