2_ds_microsoft_copilot.md

May 13, 2026 · View on GitHub

Use-Case	Activity Types/Parsers	MITRE ATT&CK® TTP	Content
Compromised Credentials	app-activity ↳microsoft-copilot-json-ai-agent-request-success-interaction-2 ↳microsoft-copilot-json-ai-agent-request-success-interaction ↳microsoft-copilot-json-ai-agent-powerplatform-catchall-2 ↳microsoft-copilot-json-ai-agent-powerplatform-catchall ↳microsoft-copilot-json-ai-agent-powerplatform-catchall-2 ↳microsoft-copilot-json-ai-agent-powerplatform-catchall ↳microsoft-copilot-json-ai-agent-powerplatform-catchall-2 ↳microsoft-copilot-json-ai-agent-powerplatform-catchall ↳microsoft-copilot-json-ai-agent-powerplatform-catchall-2 ↳microsoft-copilot-json-ai-agent-powerplatform-catchall ↳microsoft-copilot-json-ai-agent-powerplatform-catchall-2 ↳microsoft-copilot-json-ai-agent-powerplatform-catchall ↳microsoft-copilot-json-ai-agent-powerplatform-catchall-2 ↳microsoft-copilot-json-ai-agent-powerplatform-catchall security-alert ↳microsoft-copilot-json-alert-trigger-success-dlprulematch	T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application	62 Rules 33 Models
Data Access	app-activity ↳microsoft-copilot-json-ai-agent-request-success-interaction-2 ↳microsoft-copilot-json-ai-agent-request-success-interaction ↳microsoft-copilot-json-ai-agent-powerplatform-catchall-2 ↳microsoft-copilot-json-ai-agent-powerplatform-catchall ↳microsoft-copilot-json-ai-agent-powerplatform-catchall-2 ↳microsoft-copilot-json-ai-agent-powerplatform-catchall ↳microsoft-copilot-json-ai-agent-powerplatform-catchall-2 ↳microsoft-copilot-json-ai-agent-powerplatform-catchall ↳microsoft-copilot-json-ai-agent-powerplatform-catchall-2 ↳microsoft-copilot-json-ai-agent-powerplatform-catchall ↳microsoft-copilot-json-ai-agent-powerplatform-catchall-2 ↳microsoft-copilot-json-ai-agent-powerplatform-catchall ↳microsoft-copilot-json-ai-agent-powerplatform-catchall-2 ↳microsoft-copilot-json-ai-agent-powerplatform-catchall	T1078 - Valid Accounts	19 Rules 11 Models
Data Leak	app-activity ↳microsoft-copilot-json-ai-agent-request-success-interaction-2 ↳microsoft-copilot-json-ai-agent-request-success-interaction ↳microsoft-copilot-json-ai-agent-powerplatform-catchall-2 ↳microsoft-copilot-json-ai-agent-powerplatform-catchall ↳microsoft-copilot-json-ai-agent-powerplatform-catchall-2 ↳microsoft-copilot-json-ai-agent-powerplatform-catchall ↳microsoft-copilot-json-ai-agent-powerplatform-catchall-2 ↳microsoft-copilot-json-ai-agent-powerplatform-catchall ↳microsoft-copilot-json-ai-agent-powerplatform-catchall-2 ↳microsoft-copilot-json-ai-agent-powerplatform-catchall ↳microsoft-copilot-json-ai-agent-powerplatform-catchall-2 ↳microsoft-copilot-json-ai-agent-powerplatform-catchall ↳microsoft-copilot-json-ai-agent-powerplatform-catchall-2 ↳microsoft-copilot-json-ai-agent-powerplatform-catchall	T1114 - Email Collection T1114.003 - Email Collection: Email Forwarding Rule	3 Rules
Privilege Abuse	app-activity ↳microsoft-copilot-json-ai-agent-request-success-interaction-2 ↳microsoft-copilot-json-ai-agent-request-success-interaction ↳microsoft-copilot-json-ai-agent-powerplatform-catchall-2 ↳microsoft-copilot-json-ai-agent-powerplatform-catchall ↳microsoft-copilot-json-ai-agent-powerplatform-catchall-2 ↳microsoft-copilot-json-ai-agent-powerplatform-catchall ↳microsoft-copilot-json-ai-agent-powerplatform-catchall-2 ↳microsoft-copilot-json-ai-agent-powerplatform-catchall ↳microsoft-copilot-json-ai-agent-powerplatform-catchall-2 ↳microsoft-copilot-json-ai-agent-powerplatform-catchall ↳microsoft-copilot-json-ai-agent-powerplatform-catchall-2 ↳microsoft-copilot-json-ai-agent-powerplatform-catchall ↳microsoft-copilot-json-ai-agent-powerplatform-catchall-2 ↳microsoft-copilot-json-ai-agent-powerplatform-catchall app-activity-failed ↳microsoft-copilot-json-ai-agent-powerplatform-catchall-2 ↳microsoft-copilot-json-ai-agent-powerplatform-catchall ↳microsoft-copilot-json-ai-agent-powerplatform-catchall-2 ↳microsoft-copilot-json-ai-agent-powerplatform-catchall ↳microsoft-copilot-json-ai-agent-powerplatform-catchall-2 ↳microsoft-copilot-json-ai-agent-powerplatform-catchall ↳microsoft-copilot-json-ai-agent-powerplatform-catchall-2 ↳microsoft-copilot-json-ai-agent-powerplatform-catchall ↳microsoft-copilot-json-ai-agent-powerplatform-catchall-2 ↳microsoft-copilot-json-ai-agent-powerplatform-catchall	T1078 - Valid Accounts T1098 - Account Manipulation T1098.002 - Account Manipulation: Exchange Email Delegate Permissions	6 Rules 2 Models
Privilege Escalation	app-activity ↳microsoft-copilot-json-ai-agent-request-success-interaction-2 ↳microsoft-copilot-json-ai-agent-request-success-interaction ↳microsoft-copilot-json-ai-agent-powerplatform-catchall-2 ↳microsoft-copilot-json-ai-agent-powerplatform-catchall ↳microsoft-copilot-json-ai-agent-powerplatform-catchall-2 ↳microsoft-copilot-json-ai-agent-powerplatform-catchall ↳microsoft-copilot-json-ai-agent-powerplatform-catchall-2 ↳microsoft-copilot-json-ai-agent-powerplatform-catchall ↳microsoft-copilot-json-ai-agent-powerplatform-catchall-2 ↳microsoft-copilot-json-ai-agent-powerplatform-catchall ↳microsoft-copilot-json-ai-agent-powerplatform-catchall-2 ↳microsoft-copilot-json-ai-agent-powerplatform-catchall ↳microsoft-copilot-json-ai-agent-powerplatform-catchall-2 ↳microsoft-copilot-json-ai-agent-powerplatform-catchall	T1098 - Account Manipulation T1098.002 - Account Manipulation: Exchange Email Delegate Permissions	3 Rules 1 Models
Privileged Activity	app-activity ↳microsoft-copilot-json-ai-agent-request-success-interaction-2 ↳microsoft-copilot-json-ai-agent-request-success-interaction ↳microsoft-copilot-json-ai-agent-powerplatform-catchall-2 ↳microsoft-copilot-json-ai-agent-powerplatform-catchall ↳microsoft-copilot-json-ai-agent-powerplatform-catchall-2 ↳microsoft-copilot-json-ai-agent-powerplatform-catchall ↳microsoft-copilot-json-ai-agent-powerplatform-catchall-2 ↳microsoft-copilot-json-ai-agent-powerplatform-catchall ↳microsoft-copilot-json-ai-agent-powerplatform-catchall-2 ↳microsoft-copilot-json-ai-agent-powerplatform-catchall ↳microsoft-copilot-json-ai-agent-powerplatform-catchall-2 ↳microsoft-copilot-json-ai-agent-powerplatform-catchall ↳microsoft-copilot-json-ai-agent-powerplatform-catchall-2 ↳microsoft-copilot-json-ai-agent-powerplatform-catchall app-activity-failed ↳microsoft-copilot-json-ai-agent-powerplatform-catchall-2 ↳microsoft-copilot-json-ai-agent-powerplatform-catchall ↳microsoft-copilot-json-ai-agent-powerplatform-catchall-2 ↳microsoft-copilot-json-ai-agent-powerplatform-catchall ↳microsoft-copilot-json-ai-agent-powerplatform-catchall-2 ↳microsoft-copilot-json-ai-agent-powerplatform-catchall ↳microsoft-copilot-json-ai-agent-powerplatform-catchall-2 ↳microsoft-copilot-json-ai-agent-powerplatform-catchall ↳microsoft-copilot-json-ai-agent-powerplatform-catchall-2 ↳microsoft-copilot-json-ai-agent-powerplatform-catchall security-alert ↳microsoft-copilot-json-alert-trigger-success-dlprulematch	T1068 - Exploitation for Privilege Escalation T1078 - Valid Accounts	3 Rules 1 Models