Skip to main content

Copilot for Security Spectra Intelligence Plugin - User Guide

Overview

The ReversingLabs Spectra Intelligence plugin for Microsoft Copilot for Security enables security teams to reference largest repository of goodware and malware files while interacting with the AI-powered capabilities of Microsoft Copilot for Security.

Current Features

The Spectra Intelligence plugin for Microsoft Copilot for Security currently supports the following features:

  • Retreiving file hash reputation data

  • Summarizing static file analysis reports

  • Summarizing dynamic file analysis reports

Plugin Installation

  1. Get your ReversingLabs user account and password.

  2. Sign in to Microsoft Copilot for Security.

  3. Access Manage Plugins by selecting the Plugin button from the prompt bar.

    Screenshot showing the Microsoft Copilot for Security prompt bar

  4. Find the ReversingLabs Spectra Intelligence plugin, select "Set Up" to configure and enable it.

    Screenshot showing the Spectra Intelligence plugin

  5. In the ReversingLabs settings pane, provide your ReversingLabs user account and password.

    Screenshot showing the credential configuration page

  6. Save your changes.

Using the Plugin

After the ReversingLabs Spectra Intelligence plugin is configured, you can use it by typing ReversingLabs in your Copilot for Security prompt bar, followed by an action. The following table provides several examples you can try:

Skill Prompt SuggestionDescriptionExample natural language prompt
GetFileHashReputationThis skill is used to retrieve file hash reputation information.What is the reputation of hash a6e728c3331f46763f643f7192959716034767e5?
GetDetailedFileAnalysisResultsRetrieve additional analysis details for the supplied file hash.Get the MITRE ATT&CK techniques from the detailed file analysis of a6e728c3331f46763f643f7192959716034767e5.
GetDynamicAnalysisReportRetrieve the full sandbox dynamic analysis report for the supplied file hash.Get the dynamic analysis report for a6e728c3331f46763f643f7192959716034767e5 and summarize any new network connections created.

Examples

Basic Usage

This example uses the following natural language prompt:

Get the reputation of SHA1 file hash a6e728c3331f46763f643f7192959716034767e5

Screenshot showing the output of a prompt

Advanced Usage

The power of Microsoft Copilot for Security comes from the ability of the assistant to manipulate data. For example, a SOC analyst can take a complex static file analysis report and summarize it in an easy to understand format.

Provide a brief summary of the ReversingLabs file analysis results for sha1 hash a6e728c3331f46763f643f7192959716034767e5

Screenshot showing the output of the file analysis results action

An analyst can then use the report data to have Copilot generate additional useful data, such as a spreadsheet of the associated MITRE ATT&CK tactics and techniques:

Generate a spreadsheet using the previous ReversingLabs file analysis report containing the MITRE ATT&CK tactics and techniques

Screenshot showing the output of a prompt