Prompting in Microsoft Security Copilot
Watch the Security Copilot tour to get familiar with the standalone Security Copilot experience, if you haven't already.
Once you're all set up in Security Copilot, you can start using prompts. Prompts are the primary input Security Copilot needs to generate answers that can help you in your security-related tasks. Promptbooks are a series of prompts that have been put together to accomplish specific security-related tasks.
To help introduce the concept of prompting in Security Copilot, a set of prompts and promptbooks are immediately available on the home screen.
Use the prompts and promptbooks library
The prompts and promptbooks library in Security Copilot helps you quickly harness the power of the platform in a way that aligns with your role. These set of prompts and promptbooks are designed to guide you through features and capabilities most relevant to your work.
The curated prompts and promptbooks provide easy access to role-based examples that gets you prompting fast, helping you streamline your work and boost your productivity.
Apply filters
You can apply filters to find prompts or promptbooks that are most relevant to you. Narrow down search results by applying multiple filters to better suit your role or scenario.
Customize your search by selecting filters based on:
- Roles - Examples include: CISO, SOC analyst, threat intel analyst, and IT administrator.
- Plugins - Examples include: Microsoft Defender XDR, Microsoft Threat Intelligence, and Natural language to KQL for advanced hunting.
You can also use the search function to look up prompts or promptbooks by title.
Using the prompts library
Follow these steps to use the ready-made prompts:
Select Prompts and apply other applicable filters.
Use the search function to find the title of a prompt or select a prompt from the library.
If the prompt requires input (for example, an app name or incident ID), type it in the input box.
Select Send
or press Enter.
Using the promptbooks library
Promptbooks are a series of prompts that have been put together to accomplish specific security-related tasks. Each prebuilt promptbook requires a specific input (for example, a code snippet or a threat actor name).
There are 2 ways you can access the promptbooks library:
- Through the home screen
- Through the Security Copilot menu
Accessing promptbooks from the home screen
There are several functionalities available to you when you access promptbooks from the home screen.
You can choose any of the following actions:
- Use the promptbook by selecting Get started.
- Select ... to view the details of the promptbook.
- Select Duplicate to create a copy of the promptbook.
- Select Share to copy the link to the promptbook.
Access promptbooks from the menu
Both prebuilt and user-built promptbooks across your organization appear in the promptbook library. View the promptbooks by going to the Security Copilot menu and selecting Promptbook library. To view a list of available prebuilt promptbooks available in Security Copilot, see Try promptbooks.
The promptbook library displays all the promptbooks available to you. The promptbooks are listed by name, and you can view the description, owner, number of prompts, the required plugins, inputs, and tags, if any.
Select the magnifying glass icon in the Promptbook library in the top left region of the page. Type in the first few letters of your promptbook title and wait for the results to load.
You can also filter based on tags.
Choose individual prompts and promptbooks
In the Copilot home page, select the prompts icon 
at the prompt bar.
You can see a list of promptbooks and prompts that you can start with. Promptbooks are a collection of one or many prompts that were put together to accomplish specific security-related tasks. It runs the series of prompts in sequence, with one prompt building on the one before it.
Read about the different Security Copilot promptbooks in Using promptbooks.
Create your own prompts
Using the same prompt bar as in the previous prompting method, you can directly enter requests in your own words for Security Copilot to answer.
In the prompt bar, type your question for Security Copilot.
Select Send
or press Enter.Wait for Security Copilot to generate a response.
As the response is being formed, and depending on your process log settings, Security Copilot shows the individual steps being taken in the process log to form the response. The process log gives you visibility into the step-by-step actions, sources of information being used, and the amount of time it's taking to form the response.
At any time during response generation, you can cancel, edit, or delete your prompt.
Read the response by Security Copilot. Review and verify whether the responses are accurate and meet your needs.
If you have more questions for Security Copilot, you can continue the session with more prompts to get iterative responses. If you aren't completely satisfied with the response, you can try asking the question in a different way, providing more details or examples of what you expect, or indicating the response format that you prefer. To get some ideas about what makes an effective prompt, read Elements of an effective prompt.
Watch the following video to learn more about prompting:
Providing feedback
Whether you use promptbooks or your own prompt, providing feedback about your satisfaction with the generated response can help Microsoft in improving Security Copilot. You can find the feedback buttons at the bottom of the response.
Remember, Security Copilot doesn't always get everything right, and AI-generated content can contain inaccuracies.
If you're satisfied by the response, select Looks right and then provide some details about what Security Copilot got right.
If you aren't satisfied by the response, select Needs improvement, and provide some details about what Security Copilot didn't get right.
If for any reason Security Copilot came up with a concerning, unexpected response, you can select Inappropriate and give more details.