Develop a Copilot for Security Plugin

Rogier Dijkman
5 min readFeb 19, 2024

--

In this first lesson, we’ll cover the basics of creating a plugin for Microsoft Security CoPilot. By the end, you’ll understand the essential parts needed to make a plugin and be able to use the template we provide.

Microsoft Security CoPilot comes with some pre-made plugins that users or organizations can turn on. But you can also make your own plugin, which is what we’ll focus on.

Creating a plugin for an AI platform might seem daunting at first. I felt the same way, but breaking it down into smaller steps made it much more manageable.

Let’s dive in and make it easier to understand.

Developing a Plugin

A plugin for Microsoft Security CoPilot consists of two main components:

OpenAPI Specification:
This component describes how the API of the plugin works. It defines the endpoints, request and response formats, authentication mechanisms, and any other relevant details about the plugin’s API.
The OpenAPI specification provides a standardized way to document and communicate the functionality of the plugin.

Plugin Manifest:
The plugin manifest file is used to explain to CoPilot how to use the plugin. It provides metadata and configuration information about the plugin, such as its name, version, author, dependencies, and any other necessary details. The manifest file helps CoPilot understand how to integrate and interact with the plugin.

Microsoft Copilot uses the following process flow when the user asks a question and Microsoft Copilot answers the question by searching for and using a plugin.

In our first example we will use a public OpenAPI Spec and focus on creating a Plugin manifest

Plugin manifest

The plugin manifest can be written in JSON or YAML format, but we'll stick to using YAML for the plugin manifest.

YAML is a human-readable languafe that is often used for writing configuration files. It is a clear and easy-to-read format.

So, for consistency and simplicity, we'll use YAML instead of JSON throughout the lessons.

The YAML manifest starts with a Descriptor key, which is a mapping that contains three keys: Name, DisplayName, and Description

These keys are used to provide metadata about the plugin it's associated with.

  • Name is the identifier for the application or service.
  • DisplayName is a more human-friendly name that can be used in user interfaces.
  • Description provides more detailed information about the application or service.

The next key in the document is SkillGroups, which is a sequence (or list). Each item in the sequence is a mapping that describes a skill group. In this case, there's only one skill group defined.

  • Format specifies the format of the skill group. Here, it's set to API, indicating that this skill group is related to an API.
  • Settings is another mapping that contains configuration settings for the skill group. Here, it includes OpenApiSpecUrl, which is the URL of the OpenAPI specification for the API.
Descriptor:
Name:
DisplayName:
Description:

SkillGroups:
- Format: API
Settings:
OpenApiSpecUrl: https://<path-to-url>/openapi.yaml

Creating our first manifest

Now that we know what info we need for a manifest file, let’s set it up for our first Microsoft Security CoPilot plugin.

  1. Create a new file named manifest.yaml
  2. Copy and past the following example it to the manifest.yaml
Descriptor:
Name: BasicRequest
DisplayName: My First Plugin (BasicRequest)
Description: Lesson 1 - Plugin for requesting http headers from the incoming request.

SkillGroups:
- Format: API
Settings:
OpenApiSpecUrl: https://raw.githubusercontent.com/SecureHats/security-copilot/da70fb9b970d5b95faff462dff8491d46ac7d71a/Lesson%201/openapi.yaml

NOTE: The Name: is the command to be used in the CoPilot prompt to call the Plugin

Adding a custom plugin

  1. Open the Security CoPilot portal and login
  2. click on the Security CoPilot plugin button at the bottom right to open the Manage plugins dialog
  3. scroll to the bottom section named custom
  4. select Add plugin
  5. upload the manifest.yaml file
  6. select add

Congratulations, you have now added your first custom plugin

Testing the custom plugin

Now that we’ve got our shiny new plugin installed in Microsoft Security CoPilot, it’s time to try it out and see how well it works.

Let’s kick off a new session and try adding the following request.

Microsoft Security CoPilot successfully figured out and used the right plugin. It did this because we included a specific word, BasicRequest, in our question earlier.

Now, if we examine the results more closely from what we asked before, we find these specific details:

  1. In step 1 we can observe that the DisplayName from the manifest is shown My First Plugin (BasicRequest)
  2. Step 2 is not showing any details, but this is the step where the API call to the provided uri was executed.

NOTE: The API endpoint is described in the OpenAPI Specification that is referenced in the manifest see openapi.yaml

  1. In the last step the response in processed and shows us the header information from the call tho the httpbin.org API

Summary

In this first lesson about Microsoft CoPilot for Security, we’ve covered the basics of creating a plugin for the platform.
With our plugin added, we tested it by making a request.
CoPilot successfully utilized the plugin, thanks to the keyword “BasicRequest” we included earlier. Examining the results, we see the plugin’s display name, details of the API call, and the response’s header information.

By following these steps, you’ve successfully created and integrated your first custom plugin into Microsoft Security CoPilot!

Follow more lessons

Did you like this first lesson? I will try to create a new lesson every week and publish it on my GitHub: https://github.com/SecureHats/security-copilot

--

--

Rogier Dijkman
Rogier Dijkman

Written by Rogier Dijkman

Microsoft Security MVP | Azure | GitHub | Cloud Security Architect | Marathoner | passionate about Microsoft Security

No responses yet