The Microsoft Copilot Data Connector for Microsoft Sentinel is Now in Public Preview

Microsoft has launched a new Microsoft Copilot data connector for Microsoft Sentinel. This connector allows ingestion of audit logs and activities from various Copilot offerings into Microsoft Sentinel. These logs are sourced from the Purview Unified Audit Log, available by default. The connector enables the use of Copilot data within Sentinel features like analytics and automation. Copilot data can also be sent to Sentinel data lake for expanded integration and lower cost storage. The connector is available for all Sentinel users with Copilot licenses. It supports many record types from the Office 365 Management API related to Copilot actions. Users can identify anomalous Copilot interactions and unauthorized access. The connector can be installed via the Microsoft Sentinel Content Hub. To enable it, users require Global Administrator or Security Administrator privileges and the data will populate in the CopilotActivity table. Data ingestion costs apply, based on Microsoft Sentinel workspace settings. The connector is currently in Public Preview, offering valuable security insights.