Query Details

Copilot Studio - Bulk data-exfiltration intent in user message

Copilot Studio Bulk Data Exfiltration Intent

Query

let exfilMarkers = dynamic([
    "show all", "list all", "list every", "export all", "export the entire",
    "give me all", "give me every", "give me the full list", "full list of",
    "all records", "all customers", "all users", "all bookings", "all orders",
    "all employees", "every record", "every customer", "every user",
    "dump the", "dump all", "entire database", "entire table",
    "complete list of", "everything you have on", "all the data",
    "without any filter", "no limit", "select *"
]);
AppEvents
| where Name == "BotMessageReceived"
| extend
    ConvId    = tostring(Properties["conversationId"]),
    ChannelId = tostring(Properties["channelId"]),
    Locale    = tostring(Properties["locale"]),
    DesignMode = tostring(Properties["DesignMode"]),
    Text      = tolower(tostring(Properties["text"]))
| where isnotempty(Text)
| mv-apply Marker = exfilMarkers to typeof(string) on (
      where Text contains Marker
      | summarize Markers = make_set(Marker)
  )
| extend AccountName = iff(isempty(UserId), "unknown-agent", UserId)
| project
    TimeGenerated, AccountName, ConvId, ChannelId, Locale, DesignMode,
    Markers, Text = substring(tostring(Properties["text"]), 0, 1024),
    SessionId, ClientIP, AppVersion
| order by TimeGenerated desc

Explanation

This query is designed to detect potential data exfiltration attempts through a chatbot or virtual assistant, specifically in the context of Copilot Studio. Here's a simplified breakdown of what it does:

  1. Purpose: The query identifies situations where a user message to a chatbot requests large amounts of data, such as "show all records" or "export all bookings." This could indicate an attempt to extract more data than the user is authorized to access.

  2. Data Source: It analyzes inbound messages received by the bot, which are logged as "BotMessageReceived" events in Application Insights.

  3. Detection Method: The query looks for specific phrases (e.g., "show all," "dump the table") in the message text that suggest a request for bulk data. These phrases are stored in a list called exfilMarkers.

  4. Alert Generation: If any of these phrases are found in a message, an alert is generated. The alert includes details like the time the message was received, the account name, conversation ID, channel ID, and the text of the message.

  5. Severity and Tactics: The severity of the alert is set to "Medium," and it is associated with tactics like "Collection" and "Exfiltration," which are common in data theft scenarios.

  6. Incident Management: If such an event is detected, an incident is created. The system can group similar incidents together based on the account involved, but it won't reopen closed incidents.

  7. Frequency: The query runs every hour and looks back over the past hour to identify any suspicious messages.

  8. Tags and Versioning: The query is tagged with relevant keywords for easy identification and is versioned for tracking changes.

Overall, this query helps monitor and prevent unauthorized data access through chatbot interactions by flagging messages that could indicate an attempt to extract large datasets.

Details

David Alonso profile picture

David Alonso

Released: June 8, 2026

Tables

AppEvents

Keywords

CopilotStudioAppEventsBotMessageReceivedAccountNameUserIdSessionIdClientIPAppVersion

Operators

letdynamictostringtolowerisnotemptymv-applytotypeofcontainssummarizemake_setiffisemptyprojectsubstringorder bydesc

Severity

Medium

Tactics

CollectionExfiltration

MITRE Techniques

Frequency: PT1H

Period: PT1H

Actions

GitHub