Query Details

Copilot Studio Sensitive Connector Invocation

Query

id: a1b2c3d4-1007-4a11-9c01-0123456789a7
name: Copilot Studio - High-impact connector invoked
description: |
  Raises an incident when a Copilot Studio agent invokes a high-impact
  connector / action - one that can run code, send mail, reach arbitrary
  HTTP endpoints, query databases, or perform privileged Microsoft 365 /
  Azure operations. These connectors are the agent's reach into the wider
  estate and are the actions an attacker most wants to drive.

  Reads AppDependencies rows emitted by Copilot Studio whose DependencyType
  is "Connector". A row matches when the lower-cased connector Name or
  Target contains any entry of the sensitiveConnectors list as a substring.
  Tune that list to your approved high-impact action set; broad entries
  such as "azure" or "http" will also match benign targets and should be
  narrowed for your estate.
severity: Medium
requiredDataConnectors:
- connectorId: ApplicationInsights
  dataTypes:
  - AppDependencies
queryFrequency: PT1H
queryPeriod: PT1H
triggerOperator: gt
triggerThreshold: 0
enabled: true
tactics:
- Execution
- LateralMovement
relevantTechniques:
- T1059
- T1648
query: |
  let sensitiveConnectors = dynamic([
      "office365", "sendemail", "sendmail", "outlook", "exchange",
      "http", "webhook", "azuread", "azure", "sql", "dataverse",
      "sharepoint", "onedrive", "powershell", "function", "automate",
      "logicapp", "graph", "keyvault", "blob", "storage"
  ]);
  // One regex alternation built from the list, so matching is by substring
  // rather than by whole indexed term (has_any would not hit "SendEmailV2"
  // with the entry "sendemail").
  let pattern = strcat_array(sensitiveConnectors, "|");
  AppDependencies
  // Both conditions must hold: connector calls made by the Copilot Studio
  // agent. Adjust the role name if your workspace reports a different
  // cloud role for the agent.
  | where AppRoleName == "Microsoft Copilot Studio" and DependencyType == "Connector"
  | extend
      ConvId    = tostring(Properties["conversationId"]),
      ChannelId = tostring(Properties["channelId"]),
      MatchKey  = tolower(strcat(Name, " ", Target))
  | where MatchKey matches regex pattern
  | summarize
        Calls     = count(),
        Targets   = make_set(Target, 25),
        Success   = countif(Success == true),
        Failures  = countif(Success == false),
        FirstSeen = min(TimeGenerated),
        LastSeen  = max(TimeGenerated)
      by Name, ConvId, ChannelId
  | extend AccountName = iff(isempty(ConvId), strcat("connector:", Name), ConvId)
  | project LastSeen, FirstSeen, AccountName, Name, ConvId, ChannelId, Calls, Success, Failures, Targets
  | order by LastSeen desc
entityMappings:
- entityType: Account
  fieldMappings:
  - identifier: Name
    columnName: AccountName
eventGroupingSettings:
  aggregationKind: SingleAlert
incidentConfiguration:
  createIncident: true
  groupingConfiguration:
    enabled: true
    reopenClosedIncident: false
    lookbackDuration: PT6H
    matchingMethod: Selected
    groupByEntities:
    - Account
    groupByAlertDetails: []
    groupByCustomDetails: []
version: 1.0.0
kind: Scheduled
tags:
- Sentinel-As-Code
- Custom
- CopilotStudio
- AI
- Connectors
- HighImpact

Explanation

This query is designed to monitor and raise an alert when a high-impact connector or action is invoked by a Copilot Studio agent. These connectors can perform significant operations like running code, sending emails, accessing HTTP endpoints, querying databases, or executing privileged Microsoft 365/Azure tasks, which are attractive targets for attackers.

Here's a simplified breakdown of the query:

  1. Purpose: To detect and alert on the use of high-impact connectors by Copilot Studio agents, which could indicate potential security threats.

  2. Data Source: The query reads from AppDependencies, the Application Insights table in which Copilot Studio records the connectors its agents call, and keeps the rows whose DependencyType is "Connector".

  3. Sensitive Connectors: It checks against a predefined list of sensitive connectors (e.g., "office365", "sendemail", "http", "azuread", etc.) to identify high-impact actions.

  4. Filtering and Matching: It lower-cases the connector Name and Target into a single match key and keeps only rows in which that key contains one of the sensitive connector keywords.

  5. Data Aggregation: It summarizes the data by counting the number of calls, successful and failed attempts, and records the first and last time the connector was seen.

  6. Output: The query outputs details such as the last and first seen times, account name, connector name, conversation ID, channel ID, number of calls, successes, failures, and targets.

  7. Alert Configuration: Because triggerOperator is gt with triggerThreshold 0, any row returned by the hourly run raises a Medium-severity alert, and createIncident turns that alert into an incident.

  8. Incident Grouping: Alerts are grouped into one incident per Account entity, which the query sets to the conversation ID (or "connector:<Name>" when no conversation ID is present), over a 6-hour lookback; closed incidents are not reopened.

  9. Execution Frequency: The query runs every hour and checks data from the past hour.

This setup helps in proactively identifying and responding to potential security threats posed by the misuse of high-impact connectors in the system.
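The following is an added example and is not part of the original rule: it replays the rule's filtering, substring matching and aggregation over a handful of constructed AppDependencies rows, so the sensitiveConnectors list can be checked in a Log Analytics query window before the analytic rule is deployed. The column names follow the AppDependencies schema; the connector names, targets and the conversationId/channelId keys in Properties are constructed for the example and are assumptions about how Copilot Studio reports connector actions, not values taken from a real workspace.

```kql
// Added example (not the page's own rule): run the detection logic over
// constructed sample rows to verify which connectors the list catches.
let sensitiveConnectors = dynamic([
    "office365", "sendemail", "sendmail", "outlook", "exchange",
    "http", "webhook", "azuread", "azure", "sql", "dataverse",
    "sharepoint", "onedrive", "powershell", "function", "automate",
    "logicapp", "graph", "keyvault", "blob", "storage"
]);
// Substring matching via a single regex alternation built from the list.
let pattern = strcat_array(sensitiveConnectors, "|");
// Constructed AppDependencies rows (assumed Copilot Studio connector telemetry).
let sample = datatable(
    TimeGenerated:datetime, AppRoleName:string, DependencyType:string,
    Name:string, Target:string, Success:bool, Properties:dynamic) [
    // Agent sends mail through the Office 365 connector: high impact.
    datetime(2026-06-08T10:00:00Z), "Microsoft Copilot Studio", "Connector",
        "SendEmailV2", "shared_office365", true,
        dynamic({"conversationId":"conv-1","channelId":"msteams"}),
    // Same conversation runs a SQL query that fails: high impact.
    datetime(2026-06-08T10:01:00Z), "Microsoft Copilot Studio", "Connector",
        "ExecuteQuery", "shared_sql", false,
        dynamic({"conversationId":"conv-1","channelId":"msteams"}),
    // Weather lookup: benign connector, should not be in the list.
    datetime(2026-06-08T10:02:00Z), "Microsoft Copilot Studio", "Connector",
        "GetCurrentWeather", "shared_msnweather", true,
        dynamic({"conversationId":"conv-2","channelId":"webchat"}),
    // Unrelated application's HTTP dependency: outside the rule's scope.
    datetime(2026-06-08T10:03:00Z), "OrderApi", "HTTP",
        "GET /health", "https://inventory.internal", true,
        dynamic({})
];
sample
| where AppRoleName == "Microsoft Copilot Studio" and DependencyType == "Connector"
| extend
    ConvId    = tostring(Properties["conversationId"]),
    ChannelId = tostring(Properties["channelId"]),
    MatchKey  = tolower(strcat(Name, " ", Target))
| where MatchKey matches regex pattern
| summarize
      Calls     = count(),
      Targets   = make_set(Target, 25),
      Success   = countif(Success == true),
      Failures  = countif(Success == false),
      FirstSeen = min(TimeGenerated),
      LastSeen  = max(TimeGenerated)
    by Name, ConvId, ChannelId
| extend AccountName = iff(isempty(ConvId), strcat("connector:", Name), ConvId)
| project LastSeen, FirstSeen, AccountName, Name, ConvId, ChannelId, Calls, Success, Failures, Targets
| order by LastSeen desc
```

The sample is laid out so that the mail and SQL rows are designed to survive the filters while the weather lookup and the OrderApi dependency are designed to drop out: the first because no list entry occurs in its name or target, the second because the AppRoleName and DependencyType scope excludes it. The two surviving rows carry the same AccountName (the conversation ID), which is the Account entity the incident grouping keys on, so in Sentinel they would be folded into a single incident. Swapping the sample rows for the connector names seen in your own workspace is the quickest way to tune the list.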

Details


David Alonso

Released: June 8, 2026

Tables

AppDependencies

Keywords

Copilot Studio, Microsoft, Azure, Office 365, SQL, SharePoint, OneDrive, PowerShell, Logic Apps, Graph, Key Vault, Blob, Storage, Connectors, AI

Operators

let, dynamic, where, or, extend, tostring, tolower, strcat, has_any, summarize, count, make_set, countif, min, max, by, iff, isempty, project, order by, desc
