AI-Driven Guided Response for Security Operation Centers with Microsoft Copilot for Security
Capture
- arXiv: 2407.09017
- DOI: https://doi.org/10.48550/arXiv.2407.09017
- Submitted: 2024-07-12; revised: 2024-11-26
- Related venue: ACM Web Conference 2025
- Source URL: https://arxiv.org/abs/2407.09017
Abstract Summary
The paper describes Microsoft Copilot for Security Guided Response (CGR), an industry-scale architecture that produces investigation, triage, and remediation recommendations for SOC analysts. It reports worldwide deployment in Microsoft Defender XDR and releases GUIDE, a large public dataset of real-world security incidents together with their supporting evidence and triage labels.
Why It Matters For The Wiki
This is one of the few AI SOC papers that pairs production-scale deployment with a public labeled dataset: it covers the full investigation, triage, and remediation workflow and releases incident data that other work can be evaluated against. It should anchor the wiki's evaluation and dataset discussions.
Recommended Ingest Notes
- Extract the CGR architecture, GUIDE dataset details (scale, evidence types, triage label set), the remediation-recommendation claims, and the evaluation limitations the authors state.
- Compare against SIABENCH and the RAG-based SIA papers on dataset scope, label quality, and evaluation method.