IT scenario: Conduct a vulnerability impact assessment
Available with: Copilot for Security Scenario level:
KPIs impacted
IT management costs
Application downtime
Value benefit
Cost savings
Employee experience
Using Copilot to conduct a vulnerability impact assessment
1. Summarize vulnerability report
A SOC analyst received an email about recently reported publicly known vulnerabilities and uses Copilot for Security to investigate the Common Vulnerabilities and Exposures (CVE) ID.
Copilot for Security
Prompt: Summarize <CVEID>.
2. Understand impact
Use the summary of the CVE to determine if any impacted technologies are used in your environment.
Copilot for Security
Prompt: Do I have assets running <Technology X> in my environment?
3. Find vulnerable assets
The analyst asks Copilot to list all assets running technologies impacted by this vulnerability in their environment.
Copilot for Security
Prompt: Which assets are impacted by <CVE-ID> with <Technology X>
4. Label impacted assets
Apply a label to all of the impacted assets making them easier to identify and understand which need remediated.
Copilot for Security
Prompt: Please apply label <CVE-ID> to all of assets impacted by <CVE-ID>
5. Identify response
The analyst asks Copilot for help in protecting against the vulnerability.
Copilot for Security
Prompt: What mitigations can I put in place to defend against <CVEID>?
6. Create report
Generate a report to document the vulnerability and communicate with the leadership team.
Copilot for Security
Prompt: Write me an executive summary report for the vulnerability, threat actor insights, and recommendations for someone who is less technical.
1Access Copilot at copilot.microsoft.com or the Microsoft Copilot mobile app and set toggle to “Web”.
2Access Business Chat at copilot.microsoft.com or the Microsoft Copilot mobile app and set toggle to “Web”.
3Copilot agents allow Microsoft 365 Copilot to access your company-specific apps. In the past, this would have required an API call to get data from a system of record. The content in this example scenario is for demonstration purposes only. You should evaluate how Copilot aligns with your organization’s business processes, regulatory requirements, and responsible AI principles.
The content in this example scenario is for demonstration purposes only. You should evaluate how Copilot aligns with your organization’s business processes, regulatory requirements, and responsible AI principles.
