ChatGPT and Microsoft Sentinel — simplify the incident handling process

Antonio Formato
8 min read · Jan 30, 2023

Today, I’m excited to share my experience testing the integration of ChatGPT with Microsoft Sentinel. My goal with this integration was twofold: to have some fun experimenting with this cutting-edge technology and to explore how it could be used to empower security analysts in incident handling. By harnessing the power of ChatGPT, I believe it is possible to speed up and simplify the incident handling process, making it more efficient and effective for all involved.

As I researched this topic, I read several blog posts and experiments on integrating ChatGPT with Microsoft Sentinel. I found these resources incredibly valuable: they provided insight into how others have approached the topic and what they discovered through their own experimentation. They also inspired my own testing and helped me think more critically about the potential benefits and limitations of using ChatGPT in incident handling. Overall, reading these posts and experiments was a crucial step in my journey to understanding the capabilities and potential of this technology. (Please see the references at the end of the post.)

In this blog post, I’ll take you through the testing process, share the findings, and discuss the potential implications of this integration for the security field. So, without further ado, let’s dive in!

Use case description
