Enable the Red Canary Plugin for Microsoft Copilot for Security
    • 18 Oct 2024

    Follow these steps to enable the Red Canary plugin for Microsoft Copilot for Security. 

    Upload the plugin manifest to Microsoft Security Copilot

    Note: To test this plugin, you must have a Microsoft Copilot for Security instance. Microsoft Copilot for Security has a usage consumption model, and you may incur additional costs from Microsoft for using the Red Canary Plugin for Microsoft Copilot for Security.

    1. Follow the instructions outlined in the Microsoft help docs for installing a custom plugin.

      1. Select Security Copilot Plugin.

      2. Select the .yaml format.

      3. Enter the following URL:
        (https://rc-customer-tools.s3.us-east-2.amazonaws.com/msft_copilot_plugin/RedCanary_manifest.yaml)

    2. Specify the subdomain URL under the instance URL you want Security Copilot to use.

    3. Configure the API key as documented in the Microsoft help docs.

    API Usage

    Note: The plugin only uses GET requests and cannot update your Red Canary instance or data.

    | API Endpoint | Request Type | Prompt | API Role Required |
    |---|---|---|---|
    | openapi/v3/endpoints | GET | Show me the 25 most recent endpoints in Red Canary | Analyst Viewer |
    | openapi/v3/endpoint_users | GET | Can you show me the most recent 10 endpoint users in Red Canary? | Analyst Viewer |
    | openapi/v3/detections | GET | Show me the 10 most recent threats in Red Canary | Analyst Viewer |
    | /openapi/v3/detections/marked_indicators_of_compromise | GET | Are there any IOCs in Red Canary? | Analyst Viewer |
    | /openapi/v3/customer/external_alerts | GET | Can you show me the external alerts in Red Canary? | Analyst Viewer |
    | /openapi/v3/customer/external_alerts/{id} | GET | Can you give me more details on Red Canary external alert 371119? | Analyst Viewer |
    | /openapi/v3/customer/system_activities | GET | Were there any detector updates in Red Canary? | Analyst Viewer |
    | /openapi/v3/customer/intel_reporting | GET | How many events were analyzed by Red Canary? | Analyst Viewer |
    | /openapi/v3/detections/{id} | GET | Can you give me more details on Red Canary Threat ID 72? | Analyst Viewer |
    | /openapi/v3/endpoints/sensor_id/{sensor_id} | GET | Can you give me more details on Red Canary sensor ID 169428575? | Analyst Viewer |
    | /openapi/v3/endpoints/{id} | GET | Can you give me more info on endpoint ID 100000074413556 in Red Canary? | Analyst Viewer |
    | /openapi/v3/detections/{id}/timeline | GET | Can you show me the threat timeline entries for Threat ID 72? | Analyst Viewer |
    | /openapi/v3/detections/{id}/detectors | GET | Can you list the detectors in Threat 72? | Analyst Viewer |
    | /openapi/v3/detections/{id}/related_detections | GET | Can you show me related detections for Threat 72? | Analyst Viewer |
    | /openapi/v3/detections/{id}/marked_indicators_of_compromise | GET | Can you show me any IOCs in Threat 72? | Analyst Viewer |
    | /openapi/v3/endpoint_users/{id} | GET | Can you give me more information about Endpoint User ID: 100000305141114? | Analyst Viewer |
    | /openapi/v3/detections/{id}/events | GET | Can you show me all the events in Threat 72? | Analyst Viewer |
    | /openapi/v3/endpoint_users/{id}/system_activities | GET | Can you show me the activities for Endpoint User ID 100000305141114? | Analyst Viewer |
    | /openapi/v3/endpoints/{id}/endpoint_users | GET | Can you show me the users from Endpoint ID: 100000060390802? | Analyst Viewer |
    | /openapi/v3/search/ip_addresses/{ip_address} | GET | Can you search for IP address 172.16.16.16 in Red Canary? | Analyst Viewer |
    | /openapi/v3/search/endpoint_hostnames/{endpoint_hostname} | GET | Can you search in Red Canary for hostname vtw-ad10a49823a? | Analyst Viewer |
    | /openapi/v3/events | GET | Can you show me the most recent events investigated by Red Canary? | Analyst Viewer |
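
    One way to check the read-only claim before enabling the plugin, as an added example (not Red Canary's or Microsoft's code): audit an OpenAPI description for any operation other than GET and for any path that is not listed in the API Usage section. It assumes the description is available as JSON and that its paths carry the full /openapi/v3 prefix; SAMPLE_SPEC is constructed, and its example_undocumented path is hypothetical.

```python
import json

# OpenAPI 3 operation keys that can appear on a path item.
METHODS = {"get", "put", "post", "delete", "options", "head", "patch", "trace"}

# Endpoints from the API Usage section of this page, normalised to a leading slash.
DOCUMENTED = {"/openapi/v3/" + p for p in """
endpoints endpoint_users detections events
detections/marked_indicators_of_compromise
customer/external_alerts customer/external_alerts/{id}
customer/system_activities customer/intel_reporting
detections/{id} detections/{id}/timeline detections/{id}/detectors
detections/{id}/related_detections detections/{id}/events
detections/{id}/marked_indicators_of_compromise
endpoints/{id} endpoints/sensor_id/{sensor_id} endpoints/{id}/endpoint_users
endpoint_users/{id} endpoint_users/{id}/system_activities
search/ip_addresses/{ip_address} search/endpoint_hostnames/{endpoint_hostname}
""".split()}

def audit_spec(spec):
    """Return (issue, method, path) tuples that contradict the documented scope."""
    findings = []
    for path, item in spec.get("paths", {}).items():
        norm = "/" + path.lstrip("/")  # the page lists some paths without a slash
        # Ignore non-operation keys such as "parameters" or "summary".
        for method in sorted(METHODS & {key.lower() for key in item}):
            if method != "get":
                findings.append(("non-GET operation", method.upper(), norm))
            elif norm not in DOCUMENTED:
                findings.append(("undocumented path", "GET", norm))
    return findings

# Constructed sample: two documented GETs, one write operation, one unknown path.
SAMPLE_SPEC = json.loads("""
{"openapi": "3.0.1",
 "paths": {
   "/openapi/v3/detections": {"get": {}},
   "openapi/v3/endpoints": {"get": {}, "parameters": []},
   "/openapi/v3/detections/{id}": {"get": {}, "patch": {}},
   "/openapi/v3/example_undocumented": {"get": {}}
 }}
""")

if __name__ == "__main__":
    for issue, method, path in audit_spec(SAMPLE_SPEC):
        print(f"{issue}: {method} {path}")
```

    An empty result means every operation in the description is a GET on a documented path; pairing that with an API key limited to the Analyst Viewer role keeps the integration read-only on both sides.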


