KQL Search

Query Details

Copilot Studio Secrets In User Message

Query

id: a1b2c3d4-1003-4a11-9c01-0123456789a3
name: Copilot Studio - Secrets or bulk PII in user prompt
description: |
  Raises an incident when an inbound user message to a Copilot Studio
  agent contains secret-like material (AWS access key, PEM private key,
  JWT), a credit-card / PAN number, or bulk PII (>=10 email addresses).
  Users pasting live credentials, card numbers, or customer lists into an
  agent is a data-governance and credential-exposure risk, and can also be
  the setup stage for a poisoning or replay attack.

  Reads inbound turns from AppEvents (Name == "BotMessageReceived") with
  the prompt text in Properties.text (requires "Log sensitive properties"
  on the agent's Application Insights settings).
severity: High
requiredDataConnectors:
- connectorId: ApplicationInsights
  dataTypes:
  - AppEvents
queryFrequency: PT1H
queryPeriod: PT1H
triggerOperator: gt
triggerThreshold: 0
enabled: true
tactics:
- CredentialAccess
- Collection
relevantTechniques:
- T1552
- T1213
query: |
  AppEvents
  | where Name == "BotMessageReceived"
  | extend
      ConvId    = tostring(Properties["conversationId"]),
      ChannelId = tostring(Properties["channelId"]),
      Prompt    = tostring(Properties["text"])
  | where isnotempty(Prompt)
  | extend
      AwsKey     = Prompt matches regex @"AKIA[0-9A-Z]{16}",
      PrivateKey = Prompt contains "-----BEGIN" and Prompt contains "PRIVATE KEY-----",
      Jwt        = Prompt matches regex @"eyJ[A-Za-z0-9_\-]{10,}\.[A-Za-z0-9_\-]{10,}\.[A-Za-z0-9_\-]{10,}",
      EmailCount = array_length(extract_all(@"([A-Za-z0-9._%+\-]+@[A-Za-z0-9.\-]+\.[A-Za-z]{2,})", Prompt)),
      DigitsOnly = replace_regex(Prompt, @"[ \-]", "")
  | extend
      CardLike   = DigitsOnly matches regex @"[3-6][0-9]{12,18}"
  | where AwsKey or PrivateKey or Jwt or CardLike or EmailCount >= 10
  | extend Signal = case(
      AwsKey,           "AwsAccessKey",
      PrivateKey,       "PrivateKey",
      Jwt,              "JwtToken",
      CardLike,         "CardNumberPII",
      EmailCount >= 10, "BulkEmailPII",
      "Unknown")
  | extend AccountName = iff(isempty(UserId), "unknown-agent", UserId)
  | project
      TimeGenerated, Signal, AccountName, ConvId, ChannelId, EmailCount, CardLike,
      Prompt = substring(Prompt, 0, 1024), SessionId, ClientIP, AppVersion
  | order by TimeGenerated desc
entityMappings:
- entityType: Account
  fieldMappings:
  - identifier: Name
    columnName: AccountName
- entityType: IP
  fieldMappings:
  - identifier: Address
    columnName: ClientIP
eventGroupingSettings:
  aggregationKind: SingleAlert
incidentConfiguration:
  createIncident: true
  groupingConfiguration:
    enabled: true
    reopenClosedIncident: false
    lookbackDuration: PT6H
    matchingMethod: Selected
    groupByEntities:
    - Account
    groupByAlertDetails: []
    groupByCustomDetails: []
version: 1.0.0
kind: Scheduled
tags:
- Sentinel-As-Code
- Custom
- CopilotStudio
- AI
- CredentialExposure
- Secrets

Explanation

This query is designed to monitor and raise alerts when sensitive information is detected in user messages sent to a Copilot Studio agent. Here's a simplified breakdown of what it does:

  1. Purpose: The query identifies messages containing sensitive data such as AWS access keys, private keys, JWT tokens, credit card numbers, or a large number of email addresses (10 or more). This is important for preventing data breaches and potential security threats like credential exposure or data poisoning attacks.

  2. Data Source: It analyzes inbound messages received by the bot, specifically looking at the text content of these messages. This requires enabling the logging of sensitive properties in the agent's settings.

  3. Detection Logic:

    • It checks for patterns that match AWS access keys, private keys, JWT tokens, and credit card numbers.
    • It counts the number of email addresses in the message.
    • If any of these patterns are detected or if there are 10 or more email addresses, it flags the message.

  4. Alert Details:

    • If a match is found, it categorizes the type of sensitive information detected (e.g., AWS key, private key, etc.).
    • It logs details like the time of detection, type of sensitive data, account name, conversation ID, and other relevant information.

  5. Severity and Frequency: The alert is marked as high severity and checks for such messages every hour.

  6. Incident Management: When such an event is detected, it creates an incident in the system. Incidents can be grouped by account to manage related alerts together.

  7. Tags and Metadata: The query is tagged with relevant keywords for easy identification and categorization in the system.

Overall, this query helps in maintaining data governance and security by proactively identifying and alerting on potential exposure of sensitive information in user interactions with the Copilot Studio agent.

Details

David Alonso profile picture

David Alonso

Released: June 8, 2026

Tables

AppEvents

Keywords

AppEventsApplicationInsightsAccountIPClientIPSessionIdAppVersionUserIdPromptEmailCountCardLikeConvIdChannelIdSignalAccountName

Operators

|whereextendtostringisnotemptymatches regexcontainsarray_lengthextract_allreplace_regexcaseiffisemptyprojectsubstringorder by

Actions