Cybersixgill
Cybersixgill offers real-time threat intelligence solutions to help security teams detect and respond to imminent threats from the clear, deep, and dark web.
Note
This article contains information about third-party plugins. This is provided to help complete integration scenarios. However, Microsoft does not provide troubleshooting support for third-party plugins. Contact the third-party vendor for support.
Prerequisites
- The plugin requires the use of an API key that can be obtained from Cybersixgill developer portal.
- Once logged into the developer portal, obtain and safely copy your API client ID and secret.
Note
If you are not a Cybersixgill customer, send email to cfs@cybersixgill.com to get your 3-month free trial.
Know before you begin
You'll need to take the following steps to use the plugin.
Sign in to Microsoft Security Copilot.
Access Manage Plugins by selecting the Plugin button from the prompt bar.
Select Settings to configure your Cybersixgill plugin.
Select Save and begin prompting in Security Copilot.
Sample Cybersixgill prompts
After the Cybersixgill plugin is configured, you can try one or more of the capabilities listed in the following table:
| Capability | Example prompts |
|---|---|
| Check if my organizational credentials were compromised in the dark web | - According to Cybersixgill, tell me if credentials of my organization were compromised in the dark web in the last month - According to Cybersixgill, tell me if the following xxx@xxx.com credentials were exposed in the dark web in the last month |
| Search about recent breach/ransomware events | - According to Cybersixgill, Tell me about the last 10 breach events from forum_breach related to the UK. Summarize it in a table and provide victim name with sector Tell me about ransomware attacks in the last 90 days targeting the healthcare sector using Cybersixgill database |
| Get details about specific CVE | - According to Cybersixgill, tell me if for CVE-2023-34362 there is POC, metasploit and known to be exploited in the wild with any associated APTs. include references |
| Get comprehensive profiles of APTs, Actors and related Malware and IOCs | - According to Cybersixgill, tell me about related malware and IOCs for APT39 - According to Cybersixgill, tell me about associated APTs with Raccoon Stealer? - According to Cybersixgill, I'm a CTI analyst at a european MSSP. A customer of mine is worried about the APT MuddyWater. Tell me about it - According to Cybersixgill, tell me to which apt cve-2023-36884 is connected to |
| Lookup on specific IOCs or IPs | - According to Cybersixgill, tell me about the following IP [IP] - According to Cybersixgill, give me IOCs for racoon stealer |
Troubleshoot the Cybersixgill plugin
Errors occur
If you get errors, such as Couldn't complete your request, or An unknown error occurred, make sure the plugin is turned on. If the issue persists, sign out of Security Copilot, and then sign back in.
Prompts aren't invoking the correct capabilities
If prompts aren't invoking the correct capabilities, or prompts are invoking some other capability set, you might have custom plugins or other plugins that have similar functionality as the capability set you want to use. For example, if you're using multiple sources that provide information like Cybersixgill, there might be conflicts. Try using the product name Cybersixgill in your prompts.
Provide feedback
To provide feedback, contact Cybersixgill.