From the course: Microsoft Security Copilot: Prompts and Promptbooks
Prompting for incident handling - Microsoft Security Copilot Tutorial
Prompting for incident handling
- [Instructor] Let's talk about how to apply prompting to incident handling in Microsoft Security Copilot. Incident handling is a core function of a typical security operations center, or SOC. Security analysts usually follow a general workflow to handle incidents, which includes: triage incidents to assess security impact, determine incident severity, and assign ownership; investigate incidents to correlate security events, identify associated entities, and collect evidence; respond to incidents to contain attacks, eradicate threats, and recover services. In addition, security analysts need to summarize findings and report status throughout the process. Based on the incident-handling workflow, we can create prompts for each stage. For example, on the triage, prompts may relate to incident details and triage status. Under incident investigation, prompts may relate to associated alerts, entities, and threats. Under incident response, prompts may relate to recommended actions for…
Contents
- Prompting for identity and access management (6m 13s)
- Prompting for device management (5m 55s)
- Prompting for vulnerability management (4m 34s)
- Prompting for threat intelligence (5m 44s)
- Prompting for data security (5m 3s)
- Prompting for incident handling (5m 41s)
- Prompting for script analysis (4m 27s)
- Prompting for security knowledge (3m 31s)