Co-Pilot for Security 1st Look Integration with Microsoft Defender

Hey Checkyourlogs Fans,

As we look at the 1st set of integration with our Microsoft Co-Pilot for Security with Defender, we can see a brand new Copilot option in the UI

Not only this I’ve noticed now that the Co-Pilot integration happens automatically when reviewing alerts.

This is interesting because it almost breaks down what is happening and gives immediate advice to Security Operators.

We can see a few examples here like an email response to the end user for this alert:

Hi,

We hope this message finds you well. We are reaching out to you because we noticed some unusual activity related to your email account. Specifically, we detected several email messages that contained potentially harmful links. These emails were removed after they were delivered to your account for your safety.

The first incident occurred on March 31, 2024, at 14:06 UTC. The email contained a link that seemed suspicious. The same thing happened again at 14:55 UTC, with an email titled “WiFi Freedom: Stay Connected, Anytime, Anywhere!”.

We are trying to understand what might have caused these alerts. Could you please confirm if you clicked on any links in emails that seemed out of the ordinary or from unknown senders on March 31, 2024? A simple ‘yes’, ‘no’, or ‘don’t know’ would suffice.

Please remember that it’s important not to click on links from unknown sources as they can sometimes be harmful. If you have any additional information that you think might be helpful, feel free to share it with us.

Best regards,

Cyber Security Team

This is a cool integration and I’m super please with what I’m seeing thus far.

Thanks,

Dave