Analyze vulnerabilities with Microsoft Copilot for Security - Microsoft Security Copilot Tutorial

[Instructor] Vulnerabilities are weaknesses in our systems that hackers can exploit to launch cyber attacks. So analyzing vulnerabilities is a common task for security professionals. In vulnerability analysis, security analysts often start with Common Vulnerability and Exposure or CVE. There are variant sources where you can search CVEs. For example, the official CVE list managed by MITRE, threat intelligence products like Microsoft Defender Threat Intelligence, and many threat intelligence feeds. The analysis work often includes vulnerability summary, impacted technologies, threat actors, tactics, techniques, and procedures or TTPs used by hackers, suggested actions for prevention and remediation. It takes time for security analysts to complete the vulnerability research and analysis. Now let's see how Microsoft Copilot for Security can help us. First, we'll find a sample CVE. This is a CVE website. We can click Search to search CVE list. Let's use this CVE, CVE-2020-1472. Click Submit. And then we can see the details about this CVE. Go to my Microsoft Copilot for Security. In the prompt bar, enter the prompt. Summarize vulnerability CVE-2020-1472. Make a list of key points and impacted technologies. This is for my vulnerability impact analysis. Click Submit. Copilot for Security provided a summary of that vulnerability with some key points. It also showed the base score is 5.5 and the severity level is medium. And the impacted technology is the Netlogon Remote Protocol. To defend against this vulnerability, I can ask Copilot for Security to suggest actions to handle this vulnerability categorized into prevention and the remediation. Copilot recommended several actions for prevention and remediation. Finally, let's ask Copilot for Security to generate an executive report about this vulnerability for non-technical managers. Copilot wrote a decent report with essential elements of this vulnerability analysis, including summary, impact, and suggested actions.