Security Copilot Plugin
CrowdSec Intelligence Plugin for Microsoft Security Copilot allows you to get advanced insights on a malicious IP activity.
As part of the core plugins of Security copilot its setup and usage are very straight forward.
This documentation will lead you through an easy setup and lead you through some example usage and prompts.
Configure the plugin
Prerequisite: retrieve your API Key
The plugin is using our CTI API to provide information on over 70M attackers recently reported by CrowdSec's network.
You can create a trial key or retrieve your existing keys in the console in the "Settings" > "CTI API Keys" section.
If you need more details check out the CTI API Key - getting started section
Activate and setup the plugin
This consists of 3 easy steps: browse plugins, select "CrowdSec Threat Intelligence" plugin, paste API Key in settings
1. Browse plugins
Within the Security Copilot main page, on the right hand side of the prompt input, you'll see an icon represented by 4 squares with a "source" tooltip like shown in the picture there after.
Activate the "CrowdSec Threat Intelligence" plugin by clicking on the switch (it will turn blue).
Then fill in your api key in the settings:
Press the "cog" icon on the plugin within the list
And paste your API Key
Usage
Now let's play around with this plugin.
Note: You might need to reload the page after updating your plugin selection.
Basic prompts
You can simply ask:
What does CrowdSec know about <an IP>
For example:
What does CrowdSec know about 184.178.172.25
The 3 steps copilot take will be: to select the plugin, do the request and format his response as shown below: