Microsoft Copilot Jailbreak Detected
Query
CloudAppEvents
| where ActionType == "CopilotInteraction"
| project-away AppInstanceId, ActivityObjects, IsAdminOperation, IsExternalUser, Type
| extend EventData = RawEventData.CopilotEventData
| extend
AppHost = tostring(EventData.AppHost),
ThreadId = tostring(EventData.ThreadId),
Messages = EventData.Messages,
Resources = EventData.AccessedResources
| mv-expand Messages
| extend
MessageId = tostring(Messages.Id),
isPrompt = tobool(Messages.isPrompt),
JailbreakDetected = tobool(Messages.JailbreakDetected)
| project-away Messages, EventData
| where JailbreakDetected != 0
| where isnotempty(JailbreakDetected)About this query
Microsoft Copilot Jailbreak Detected
Query Information
MITRE ATT&CK Technique(s)
| Technique ID | Title | Link |
|---|---|---|
| T1588.007 | DLL | https://attack.mitre.org/techniques/T1588/007/ |
Description
This rule detects instances where a 'jailbreak' attempt is identified within a Microsoft Copilot interaction. It specifically looks for CopilotInteraction events where the 'JailbreakDetected' flag is set to true in the message data.
Author <Optional>
- Name: Benjamin Zulliger
- Github: https://github.com/benscha/KQLAdvancedHunting
- LinkedIn: https://www.linkedin.com/in/benjamin-zulliger/
References
Defender XDR
Explanation
This query is designed to detect attempts to "jailbreak" Microsoft Copilot, which means trying to bypass or manipulate its intended functionality. It specifically looks for events labeled as "CopilotInteraction" within cloud application events. The query filters these events to find instances where the 'JailbreakDetected' flag is set to true, indicating a potential jailbreak attempt.
Here's a breakdown of the query:
-
Source of Data: It starts by looking at
CloudAppEventswhere the action type is "CopilotInteraction". -
Data Filtering: It removes unnecessary columns such as
AppInstanceId,ActivityObjects,IsAdminOperation,IsExternalUser, andTypeto focus on relevant data. -
Data Extraction: It extracts specific details from the raw event data related to Copilot, including the application host, thread ID, messages, and accessed resources.
-
Message Analysis: It expands the messages to analyze each one individually, extracting the message ID, whether it is a prompt, and if a jailbreak was detected.
-
Jailbreak Detection: It filters the results to only include messages where a jailbreak was detected (
JailbreakDetectedis true).
In summary, this query identifies and lists events where a jailbreak attempt was detected in Microsoft Copilot interactions, helping security teams monitor and respond to potential security threats.
