Copilot
Copilot - AI-powered coding assistant that helps developers write code more efficiently.
Detection Rules for Copilot
Provider: Zoom
Detection Rule | MITRE Tactic | MITRE Technique | Criticality |
---|---|---|---|
Suspicious Code Completion Suggestions | Execution | User Execution (T1203) | High |
Unusual Repository Activity | Collection | Data from Information Repositories (T1213) | Medium |
Excessive Use of Sensitive Libraries | Execution | Exploitation for Client Execution (T1203) | High |
Anomalous API Key Generation | Credential Access | Credentials from Password Stores (T1555) | Critical |
Unauthorized Use of Development Tools | Persistence | Credential Dumping (T1003) | Medium |
Code Submissions with Hardcoded Secrets | Exfiltration | Data Exfiltration Over Command and Control Channel (T1041) | High |
High Frequency of API Interactions | Collection | Application Layer Protocol (T1071) | Medium |
Integration with Untrusted Third-Party Apps | Defense Evasion | Application Layer Protocol (T1071) | High |
APIs and Their Scopes
Detection Rule | Required API | Scopes Required |
---|---|---|
Suspicious Code Completion Suggestions | Copilot Code Suggestion API | read:code, read:suggestions |
Unusual Repository Activity | Repository Activity API | read:repo, read:commits |
Excessive Use of Sensitive Libraries | Code Analysis API | read:code, read:analysis |
Anomalous API Key Generation | API Key Management API | manage:apikeys |
Unauthorized Use of Development Tools | Tool Integration API | read:integrations, manage:tools |
Code Submissions with Hardcoded Secrets | Secret Scanning API | read:code, read:scanning |
High Frequency of API Interactions | API Usage Metrics API | read:usage, read:metrics |
Integration with Untrusted Third-Party Apps | Third-Party Integration API | read:integrations, manage:thirdparty |
Reports and Widgets for CISO
Report Name | Widgets | Description |
---|---|---|
Security Incident Report | Total Incidents, Incident Severity Breakdown, Incident Timeline | Summary of security incidents detected related to Copilot. |
Code Quality and Vulnerability Report | Vulnerability Count, Top Vulnerable Libraries, Submission Quality Score | Assessment of code submissions for vulnerabilities and risks. |
User Access and Activity Report | Active Users, Login Trends, Unauthorized Access Attempts | Overview of user access patterns and activity within Copilot. |
API Usage and Performance Report | API Call Volume, Top API Users, Response Time Analysis | Metrics on API interactions and performance metrics. |
Integration Audit Report | Total Integrations, Trusted vs. Untrusted Integrations, Integration Activity Log | Review of integrations with third-party tools and their security posture. |
Compliance and Policy Adherence Report | Policy Violations, Non-Compliant Submissions, Compliance Trends | Assessment of adherence to coding and security policies. |
API Key Usage Report | API Key Count, Key Usage Trends, Anomalous Key Activities | Summary of API key generation and usage patterns. |
Secret Management Report | Total Secrets Found, Top Offending Submissions, Secret Exposure Trends | Overview of hardcoded secrets detected in code submissions. |