CISO Reporting with Security Copilot - Installation Guide for the Prototype

A couple of weeks ago, I published an article describing how to use Generative AI in Security Copilot to craft and deliver periodic emails to CISOs and Security Managers regarding the status of Incident Management and Posture Management activities in their organization. The article is here: Periodic reporting for Security Managers and CISOs using Security Copilot

A similar use of Generative AI could be of interest to many organizations, even those that have outsourced their security operations to a Managed Security Service Provider. CISOs and Security Managers remain accountable for the effectiveness of both reactive and proactive protection measures within their organization. For them, visibility and awareness are invaluable.

Security Copilot significantly speeds up the creation of similar solutions by leveraging Generative AI and its 'connection framework' (the capability to connect to virtually any security system exposing APIs). Not only does it enable the creation of reports written in natural language (in various supported languages), but it also allows for the creation and modification of report content primarily through natural language prompts, eliminating the need to write and maintain a large amount of custom code.

The prototype solution described in that article is made up of a few different components:

  • A couple of new Custom Promptbooks with the prompts for incidents and posture analysis
  • A couple of new Custom Plugins with the skills used by the Custom Promptbooks
  • A third, previously shared Custom Plugin with the skills to call SOC Optimization in Sentinel
  • A previously shared Azure Logic App template for invoking "promptbooks" in Security Copilot and sending their responses by email
  • A new Azure Logic App template to be used as part of one of the two new Custom Plugins (it implements a loop logic for making multiple calls to Security Copilot on a specific single prompt)

The correct installation and configuration of all these components can be cumbersome without a clear installation guide. For those of you who may be interested in installing this prototype - whether to use it 'as-is' or to study and improve its content and structure - I have created a new step-by-step installation guide, published on GitHub: cfs/ciso-reporting/install-guide.md. It references the following mini-videos:

  • Prototype setup - #0 Prerequisites (2 minutes)
  • Prototype setup - #1 Create promptbooks (3 minutes)
  • Prototype setup - #2 Install GetUsersStatus (>2 minutes)
  • Prototype setup - #3 Install Incidents Analysis Automation (>5 minutes)
  • Prototype setup - #4 Install Posture Analysis Automation (~4 minutes)
  • Prototype setup - #5 Custom plugins (>8 minutes)
  • Prototype setup - #6 Run Incidents Analysis (4.5 minutes)
  • Prototype setup - #7 Run Posture Analysis (~1 minute)
  • Prototype setup - #8 Scheduling SCUs and reporting (>8 minutes)

Once again, I hope this content is useful and inspirational for your ideas on using Security Copilot to generate value for your Security Executives.

Please share your ideas and components for improving this solution, as well as for leveraging Security Copilot with a similar approach but for different objectives.

This is a fantastic use case for leveraging AI in cybersecurity! Automating CISO reporting not only saves time but also ensures more consistent insights. It would be great to explore how Security Copilot handles dynamic threat landscapes and integrates with existing incident response workflows. Thanks for sharing this step-by-step guide.

Elazar Ohayon

Senior Cloud | UC Consultant @ Abra

2 months

Baruch Abitbol

Marvin Vollenhoven

BI developer | Power BI | Data management | Data Analysis | Qlikview developer | SQL | Tableau Developer| Data Modeling | ETL | Business Analysis | Salesforce

2 months

Very helpful

David Caddick

Senior Security Specialist at Microsoft - aka.ms/gsd = Get Security Deployed

2 months

Great video recap, thanks for sharing Stefano Pescosolido
