Cyware Respond
Important
Some information in this article relates to a prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Cyware offers threat intelligence management, security collaboration, and orchestrated response solutions. Cyware Respond is an end-to-end incident management and threat response automation platform. You can use the Cyware Respond plugin with Microsoft Copilot for Security to find specific types of incidents, actions, applications, critical software assets, malware, vulnerabilities, and more.
Note
This article contains information about third-party plugins. This is provided to help complete integration scenarios. However, Microsoft does not provide troubleshooting support for third-party plugins. Contact the third-party vendor for support.
Know before you begin
Integration with Copilot for Security requires an API Key. You'll need to take the following steps before using the plugin.
Get your Cyware Respond API key. If you don't have one yet, follow these steps:
Go to the Cyware website and create an account.
Go to the Admin panel, and then go to Open APIs.
Create a new OpenAPI credential set.
Copy your OpenAPI token generated.
Sign in to Microsoft Copilot for Security.
Access Manage Plugins by selecting the Plugin button from the prompt bar.
Next to Cyware Respond, select Set up.
Provide your Cyware Respond Instance URL and API Token.
Select Save and Test. Then select Save.
Sample Cyware Respond prompts
After the Cyware Respond plugin is configured, you can use it by typing Cyware Respond
in your Copilot for Security prompt bar, followed by an action. The following table provides several examples you can try:
Capability | Example prompts |
---|---|
Incident Management | |
Querying incidents | "Search for incidents related to 'ransomware' in Cyware Respond." "Find incidents mentioning 'data breach' in Cyware Respond." |
Retrieving incident details | "Get details for the above incident from Cyware Respond." "Show more information about the incident in Cyware Respond with UUID <uuid>." |
Action Management | |
Querying actions | "Look up actions tagged with 'isolate' from this week in Cyware Respond." "Find all 'network scan' actions performed yesterday in Cyware Respond." |
Action details | "Retrieve details of the last action we discussed from Cyware Respond." "Can you provide more info on the previously mentioned action in Cyware Respond?" |
Application Management | |
Querying applications | "Search for applications with 'firewall' in their name in Cyware Respond." "Find security tools updated recently in Cyware Respond." |
Application details | "Get details for the above application from Cyware Respond." "Show configuration details for the previously discussed security application in Cyware Respond." |
Software asset management | |
Querying software assets | "List critical software assets in Cyware Respond." "Search for software needing updates in Cyware Respond." |
Software details | "Provide details for the last mentioned software asset in Cyware Respond." "Can you fetch the version info of the software we talked about earlier in Cyware Respond?" |
Campaign management | |
Querying campaigns | "Find all active campaigns related to 'phishing' in Cyware Respond." "Search for recent campaigns targeting remote employees in Cyware Respond." |
Campaign details | "Get campaign details for the previously mentioned campaign in Cyware Respond." "Show more details about that cyber threat campaign from Cyware Respond." |
Threat intelligence management | |
Querying threat intelligence | "Search for threat intel on 'DDoS attacks' in Cyware Respond." "Retrieve updates on 'APT groups' from this week in Cyware Respond." |
Threat intel details | "Show details of the last threat intel we discussed in Cyware Respond." "Can you provide more info on the threat actor mentioned earlier in Cyware Respond?" |
Malware Management | |
Querying malware | "Find all malware detections from the past week in Cyware Respond." "Search for 'spyware' detections in the marketing department in Cyware Respond." |
Malware details | "Give me the details of the previously mentioned malware in Cyware Respond." "I need more information on that 'ransomware' we identified in Cyware Respond." |
Vulnerability management | |
Querying vulnerabilities | "Search for high-severity vulnerabilities in Cyware Respond." "List all vulnerabilities discovered in the network infrastructure in Cyware Respond." |
Vulnerability details | "Get details of the vulnerability we discussed last time in Cyware Respond." "Show mitigation steps for the above-mentioned vulnerability in Cyware Respond. |
Troubleshoot the Cyware plugin
Errors occur
If you encounter errors, such as Couldn't complete your request, or An unknown error occurred, make sure the plugin is turned on. If the issue persists, sign out of Copilot for Security, and then sign back in.
Prompts aren't invoking the correct capabilities
If prompts are not invoking the correct capabilities, or prompts are invoking some other capability set, you might have custom plugins or other plugins that have similar functionality as the capability set you want to use. To prioritize and target Cyware, try disabling other custom plugins.
Provide feedback
To provide feedback, contact Cyware.