From 89227e0e2b8b91130326ab29a2ff829b4a307dda Mon Sep 17 00:00:00 2001
From: Ron Chittaro
Date: Wed, 11 Jun 2025 12:04:48 -0400
Subject: [PATCH 01/13] Initial commit of Opentext TDR copilot per-region plugins
---
.../Opentext/opentext-tdr-euwest.yaml | 39 +++++++++++++++++++
.../Opentext/opentext-tdr-uswest3.yaml | 39 +++++++++++++++++++
2 files changed, 78 insertions(+)
create mode 100755 Plugins/Community Based Plugins/Opentext/opentext-tdr-euwest.yaml
create mode 100755 Plugins/Community Based Plugins/Opentext/opentext-tdr-uswest3.yaml
diff --git a/Plugins/Community Based Plugins/Opentext/opentext-tdr-euwest.yaml b/Plugins/Community Based Plugins/Opentext/opentext-tdr-euwest.yaml
new file mode 100755
index 00000000..9e57593e
--- /dev/null
+++ b/Plugins/Community Based Plugins/Opentext/opentext-tdr-euwest.yaml
@@ -0,0 +1,39 @@
+Descriptor:
+ Name: OpenText Core Threat Detection and Response
+ DisplayName: OpenText Core Threat Detection and Response
+ Description: |
+ Plugin for OpenText Core Threat Detection and Response designed to:
+ - GET Risky Users: Identify risky users within the organization
+ - GET Risky Devices: Identify risky devices within the organization
+ - GET Risky Rare Processes: Identify rare processes with security risks across the organization
+ - GET Summary of Risky User: Retrieve summary of a user's security risks
+ - GET Summary of Risky Device: Retrieve summary of a device's security risks
+ - GET Summary of Rare Process: Retrieve summary of a risky rare process execution
+ - GET Summary of Organization: Retrieve an overview of the organization's security threats and risks
+ - For the API responses:
+ - You **should always** show the ID present in the response to the user. This ID will be required to act on the alert in future prompts
+ DescriptionDisplay: Advanced threat-detection tool that uses user and entity behavior analytics (UEBA) and 100%-online, unsupervised machine learning (ML) to detect behavioral anomalies across the organization and empower threat hunters.
+ Icon: https://www.opentext.com/assets/images/favicon.png
+
+ Settings:
+ - Description: The URL of the OpenText instance to connect to.
+ Name: OpenTextInstanceUrl
+ HintText: e.g., https://data-insights-api.dev.interset.cloud/
+ Label: Instance URL
+ SettingType: String
+ Required: true
+
+ SupportedAuthTypes:
+ - ApiKey
+
+ Authorization:
+ Type: APIKey
+ Key: X-API-KEY
+ Location: Header
+ AuthScheme: ""
+
+SkillGroups:
+ - Format: API
+ Settings:
+ OpenApiSpecUrl: https://tdr1.eu.tdrservice.com/openapi.json
+ EndpointUrlSettingName: OpenTextInstanceUrl
diff --git a/Plugins/Community Based Plugins/Opentext/opentext-tdr-uswest3.yaml b/Plugins/Community Based Plugins/Opentext/opentext-tdr-uswest3.yaml
new file mode 100755
index 00000000..5aebd81a
--- /dev/null
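Review bot: The `OpenTextInstanceUrl` setting in this new manifest is a free-form `String`, and through `EndpointUrlSettingName` it decides which host the skills call, yet its `Description` gives the operator no guidance on what a valid value is. With `Type: APIKey` and `Location: Header`, a mistyped or pasted URL would presumably send the tenant's `X-API-KEY` to that host, so I would state the constraint in the setting itself, e.g. `Description: HTTPS base URL you use to sign in to OpenText Core Threat Detection and Response; your API key is sent to this host.` Separately, `OpenApiSpecUrl` is read from a fixed regional host while requests go to the user-supplied one, so the skill definitions and the endpoint can come from different servers; a short YAML comment saying this is intended would help. The opentext-tdr-uswest3.yaml hunk that follows has the same two points.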
+++ b/Plugins/Community Based Plugins/Opentext/opentext-tdr-uswest3.yaml
@@ -0,0 +1,39 @@
+Descriptor:
+ Name: OpenText Core Threat Detection and Response
+ DisplayName: OpenText Core Threat Detection and Response
+ Description: |
+ Plugin for OpenText Core Threat Detection and Response designed to:
+ - GET Risky Users: Identify risky users within the organization
+ - GET Risky Devices: Identify risky devices within the organization
+ - GET Risky Rare Processes: Identify rare processes with security risks across the organization
+ - GET Summary of Risky User: Retrieve summary of a user's security risks
+ - GET Summary of Risky Device: Retrieve summary of a device's security risks
+ - GET Summary of Rare Process: Retrieve summary of a risky rare process execution
+ - GET Summary of Organization: Retrieve an overview of the organization's security threats and risks
+ - For the API responses:
+ - You **should always** show the ID present in the response to the user. This ID will be required to act on the alert in future prompts
+ DescriptionDisplay: Advanced threat-detection tool that uses user and entity behavior analytics (UEBA) and 100%-online, unsupervised machine learning (ML) to detect behavioral anomalies across the organization and empower threat hunters.
+ Icon: https://www.opentext.com/assets/images/favicon.png
+
+ Settings:
+ - Description: The URL of the OpenText instance to connect to.
+ Name: OpenTextInstanceUrl
+ HintText: e.g., https://data-insights-api.dev.interset.cloud/
+ Label: Instance URL
+ SettingType: String
+ Required: true
+
+ SupportedAuthTypes:
+ - ApiKey
+
+ Authorization:
+ Type: APIKey
+ Key: X-API-KEY
+ Location: Header
+ AuthScheme: ""
+
+SkillGroups:
+ - Format: API
+ Settings:
+ OpenApiSpecUrl: https://tdr1.us.tdrservice.com/openapi.json
+ EndpointUrlSettingName: OpenTextInstanceUrl
From 461935a3b748984428312fe4642d7f44e4b78662 Mon Sep 17 00:00:00 2001
From: Ron Chittaro Date: Thu, 3 Jul 2025 14:31:45 -0400 Subject: [PATCH 02/13] Readme for OpenText plugin --- Plugins/Community Based Plugins/Opentext/Readmd.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 Plugins/Community Based Plugins/Opentext/Readmd.md diff --git a/Plugins/Community Based Plugins/Opentext/Readmd.md b/Plugins/Community Based Plugins/Opentext/Readmd.md new file mode 100644 index 00000000..e69de29b From 90498bd94cd42e74a4bd0e1b502bf35372b3726a Mon Sep 17 00:00:00 2001 From: Ron Chittaro Date: Thu, 3 Jul 2025 14:41:01 -0400 Subject: [PATCH 03/13] Update instance URL to match production --- .../Community Based Plugins/Opentext/opentext-tdr-euwest.yaml | 4 ++-- .../Opentext/opentext-tdr-uswest3.yaml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Plugins/Community Based Plugins/Opentext/opentext-tdr-euwest.yaml b/Plugins/Community Based Plugins/Opentext/opentext-tdr-euwest.yaml index 9e57593e..6ec09eb6 100755 --- a/Plugins/Community Based Plugins/Opentext/opentext-tdr-euwest.yaml +++ b/Plugins/Community Based Plugins/Opentext/opentext-tdr-euwest.yaml @@ -18,7 +18,7 @@ Descriptor: Settings: - Description: The URL of the OpenText instance to connect to. Name: OpenTextInstanceUrl - HintText: e.g., https://data-insights-api.dev.interset.cloud/ + HintText: e.g., https://tdr.tdrservice.com/ Label: Instance URL SettingType: String Required: true @@ -35,5 +35,5 @@ Descriptor: SkillGroups: - Format: API Settings: - OpenApiSpecUrl: https://tdr1.eu.tdrservice.com/openapi.json + OpenApiSpecUrl: https://tdr11.eu.tdrservice.com/openapi.json EndpointUrlSettingName: OpenTextInstanceUrl diff --git a/Plugins/Community Based Plugins/Opentext/opentext-tdr-uswest3.yaml b/Plugins/Community Based Plugins/Opentext/opentext-tdr-uswest3.yaml index 5aebd81a..a4777bdc 100755 --- a/Plugins/Community Based Plugins/Opentext/opentext-tdr-uswest3.yaml +++ b/Plugins/Community Based Plugins/Opentext/opentext-tdr-uswest3.yaml 
@@ -18,7 +18,7 @@ Descriptor: Settings: - Description: The URL of the OpenText instance to connect to. Name: OpenTextInstanceUrl - HintText: e.g., https://data-insights-api.dev.interset.cloud/ + HintText: e.g., https://tdr.tdrservice.com/ Label: Instance URL SettingType: String Required: true @@ -35,5 +35,5 @@ Descriptor: SkillGroups: - Format: API Settings: - OpenApiSpecUrl: https://tdr1.us.tdrservice.com/openapi.json + OpenApiSpecUrl: https://tdr10.us.tdrservice.com/openapi.json EndpointUrlSettingName: OpenTextInstanceUrl From 94ae0ce89a40da09c0095caa03df52e8709dcd68 Mon Sep 17 00:00:00 2001 From: Ron Chittaro Date: Fri, 4 Jul 2025 08:33:58 -0400 Subject: [PATCH 04/13] rename --- Plugins/Community Based Plugins/Opentext/Readmd.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) delete mode 100644 Plugins/Community Based Plugins/Opentext/Readmd.md diff --git a/Plugins/Community Based Plugins/Opentext/Readmd.md b/Plugins/Community Based Plugins/Opentext/Readmd.md deleted file mode 100644 index e69de29b..00000000 From c8dea612811f6db3ec36abc96f51988c71a23403 Mon Sep 17 00:00:00 2001 From: Ron Chittaro Date: Thu, 10 Jul 2025 11:48:12 -0400 Subject: [PATCH 05/13] Add readme --- .../Opentext/Readme.md | 86 +++++++++++++++++++ 1 file changed, 86 insertions(+) create mode 100755 Plugins/Community Based Plugins/Opentext/Readme.md diff --git a/Plugins/Community Based Plugins/Opentext/Readme.md b/Plugins/Community Based Plugins/Opentext/Readme.md new file mode 100755 index 00000000..5bc3a0a4 --- /dev/null +++ b/Plugins/Community Based Plugins/Opentext/Readme.md 
@@ -0,0 +1,86 @@
+![Security Copilot Overview](https://github.com/Azure/Copilot-For-Security/blob/main/Images/ic_fluent_copilot_64_64%402x.png)
+
+# Security Copilot Guide to Create your Custom Plug-in
+
+**Name of Plugin: OpenText Core Threat Detection and Response**
+**Author: OpenText**
+**Publisher: OpenText**
+
+The OpenText Core Threat Detection and Response plugin enables you to interact with Security Copilot, gain
+data insights produced by the product, and take appropriate actions on the risky entities and alerts
+occurring in your organization.:
+
+1. Retrieve top risky users, devices, and rare processes
+2. Summarize risky activity across the organization
+3. Examine specific risky entities and alerts
+
+---
+
+## **Prerequisites**
+
+1. Log in to your OpenText Core Threat Detection and Response account
+2. Generate an API token from your account settings
+3. Save the token securely for plugin configuration
+
+---
+
+## Select or upload the attached manifest file into your Security Copilot console
+
+1. Download the appropriate YAML manifest file for your region (US or Europe)
+2. **Verify the `Product_URL` field in the YAML file and update if needed. CONFIRM THIS STEP.**
+3. Sign in to Microsoft Security Copilot.
+4. Click the sources icon in the prompt bar. The Manage sources dialog box is displayed.
+5. Navigate to the Custom area, and then click Add plugin. The Add a plugin dialog box is displayed.
+6. Select a value for Who can use this plugin?, select the Security Copilot plugin option, upload the YAML manifest
+file from your machine, and then click Add. The Set up OpenText Threat Detection and Response dialog box is displayed.
+7. In the Instance URL box, enter the .
+8. In the Value box, enter the access token value of the API token generated for you.
+9. Click Set up. The plugin is added and reflects as OpenText Core Threat Detection and Response in the Custom area of the Manage sources dialog box.
+
+
+---
+
+## Invoking the Plugin and Skills
+
+1. Use a Natural Language prompt from below examples or use Direct Skill Invocation (`/`)
+
+---
+
+## Skills & Prompts
+
+- **Top Risky Users**
+ _Prompt:_ What are the top 5 riskiest users on ``?
+
+- **Top Risky Devices**
+ _Prompt:_ What are the top 5 riskiest devices on ``?
+
+- **Top Rare Processes**
+ _Prompt:_ What are the top 5 riskiest rare processes executed on ``? Include alert IDs.
+
+- **Summarize Risky Activity**
+ _Prompt:_ Summarize the risky activity across the organization on ``.
+
+- **Entity Investigation**
+ _Prompt:_ Summarize the risky behaviors of `` on ``.
+
+- **Alert Details**
+ _Prompt:_ What are the details of the alert with ID ``?
+
+- **Investigation Summary**
+ _Prompt:_ Can you summarize the above investigation and provide a conclusion and recommendation?
+
+---
+
+## Supported Data Sources
+
+- **Microsoft Defender for Endpoint** – Endpoint Detection and Response (EDR)
+- **Microsoft Entra ID** – Identity and access management, including user and application sign-in attempts
+
+---
+
+## Troubleshooting
+
+1. **Plugin not responding?**
+ - Ensure the plugin is turned on and you are signed in
+ - If prompts are not invoking the correct capabilities, explicitly mention the plugin name in your prompt
+ - If issues persist, contact OpenText Support
From 031cb7c014c743f6020e5e088ffde4e32fe70717 Mon Sep 17 00:00:00 2001
From: Ron Chittaro
Date: Fri, 11 Jul 2025 11:34:21 -0400
Subject: [PATCH 06/13] Updated readme
---
.../Community Based Plugins/Opentext/Readme.md | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/Plugins/Community Based Plugins/Opentext/Readme.md b/Plugins/Community Based Plugins/Opentext/Readme.md
index 5bc3a0a4..3bc28b18 100755
--- a/Plugins/Community Based Plugins/Opentext/Readme.md
+++ b/Plugins/Community Based Plugins/Opentext/Readme.md
@@ -1,6 +1,6 @@ ![Security Copilot Overview](https://github.com/Azure/Copilot-For-Security/blob/main/Images/ic_fluent_copilot_64_64%402x.png) -# Security Copilot Guide to Create your Custom Plug-in +# OpenText(TM) Core Threat Detection and Response Plugin for Microsoft Security Copilot **Name of Plugin: OpenText Core Threat Detection and Response** **Author: OpenText** 
@@ -29,13 +29,13 @@ occurring in your organization.: 1. Download the appropriate YAML manifest file for your region (US or Europe) 2. **Verify the `Product_URL` field in the YAML file and update if needed. CONFIRM THIS STEP.** 3. Sign in to Microsoft Security Copilot. -4. Click the sources icon in the prompt bar. The Manage sources dialog box is displayed. -5. Navigate to the Custom area, and then click Add plugin. The Add a plugin dialog box is displayed. -6. Select a value for Who can use this plugin?, select the Security Copilot plugin option, upload the YAML manifest -file from your machine, and then click Add. The Set up OpenText Threat Detection and Response dialog box is displayed. -7. In the Instance URL box, enter the . -8. In the Value box, enter the access token value of the API token generated for you. -9. Click Set up. The plugin is added and reflects as OpenText Core Threat Detection and Response in the Custom area of the Manage sources dialog box. +4. Click the sources icon in the prompt bar. The **Manage sources** dialog box is displayed. +5. Navigate to the **Custom** area, and then click **Add plugin**. The **Add a plugin** dialog box is displayed. +6. Select a value for **Who can use this plugin?**, select the **Security Copilot plugin** option, upload the YAML manifest +file from your machine, and then click **Add**. The **Set up OpenText Threat Detection and Response** dialog box is displayed. +7. In the **Instance URL** box, enter the . +8. In the **Value** box, enter the access token value of the API token generated for you. +9. Click **Set up**. The plugin is added and reflects as OpenText Core Threat Detection and Response in the Custom area of the Manage sources dialog box. --- From f1f8f15a925bd4fd2ba19133f0dfd45434a5b9ae Mon Sep 17 00:00:00 2001 
From: Ron Chittaro Date: Fri, 11 Jul 2025 12:37:08 -0400 Subject: [PATCH 07/13] Update yaml to not include settings section --- .../Opentext/opentext-tdr-euwest.yaml | 10 +--------- .../Opentext/opentext-tdr-uswest3.yaml | 11 ++--------- 2 files changed, 3 insertions(+), 18 deletions(-) diff --git a/Plugins/Community Based Plugins/Opentext/opentext-tdr-euwest.yaml b/Plugins/Community Based Plugins/Opentext/opentext-tdr-euwest.yaml index 6ec09eb6..5a73efb3 100755 --- a/Plugins/Community Based Plugins/Opentext/opentext-tdr-euwest.yaml +++ b/Plugins/Community Based Plugins/Opentext/opentext-tdr-euwest.yaml @@ -15,14 +15,6 @@ Descriptor: DescriptionDisplay: Advanced threat-detection tool that uses user and entity behavior analytics (UEBA) and 100%-online, unsupervised machine learning (ML) to detect behavioral anomalies across the organization and empower threat hunters. Icon: https://www.opentext.com/assets/images/favicon.png - Settings: - - Description: The URL of the OpenText instance to connect to. - Name: OpenTextInstanceUrl - HintText: e.g., https://tdr.tdrservice.com/ - Label: Instance URL - SettingType: String - Required: true - SupportedAuthTypes: - ApiKey @@ -36,4 +28,4 @@ SkillGroups: - Format: API Settings: OpenApiSpecUrl: https://tdr11.eu.tdrservice.com/openapi.json - EndpointUrlSettingName: OpenTextInstanceUrl + EndpointUrl: https://tdr11.eu.tdrservice.com/ diff --git a/Plugins/Community Based Plugins/Opentext/opentext-tdr-uswest3.yaml b/Plugins/Community Based Plugins/Opentext/opentext-tdr-uswest3.yaml index a4777bdc..d949667c 100755 --- a/Plugins/Community Based Plugins/Opentext/opentext-tdr-uswest3.yaml +++ b/Plugins/Community Based Plugins/Opentext/opentext-tdr-uswest3.yaml 
@@ -15,14 +15,6 @@ Descriptor: DescriptionDisplay: Advanced threat-detection tool that uses user and entity behavior analytics (UEBA) and 100%-online, unsupervised machine learning (ML) to detect behavioral anomalies across the organization and empower threat hunters. Icon: https://www.opentext.com/assets/images/favicon.png - Settings: - - Description: The URL of the OpenText instance to connect to. - Name: OpenTextInstanceUrl - HintText: e.g., https://tdr.tdrservice.com/ - Label: Instance URL - SettingType: String - Required: true - SupportedAuthTypes: - ApiKey @@ -36,4 +28,5 @@ SkillGroups: - Format: API Settings: OpenApiSpecUrl: https://tdr10.us.tdrservice.com/openapi.json - EndpointUrlSettingName: OpenTextInstanceUrl + EndpointUrl: https://tdr10.us.tdrservice.com/ + From 6c09d233eff6e08212e6c64ce539958c7954247d Mon Sep 17 00:00:00 2001 From: Ron Chittaro Date: Fri, 11 Jul 2025 13:30:45 -0400 Subject: [PATCH 08/13] Try this again --- .../Opentext/OpenText-tdr.yaml | 42 +++++++++++++++++++ .../Opentext/opentext-tdr-euwest.yaml | 11 ++++- .../Opentext/opentext-tdr-uswest3.yaml | 10 ++++- 3 files changed, 61 insertions(+), 2 deletions(-) create mode 100755 Plugins/Community Based Plugins/Opentext/OpenText-tdr.yaml diff --git a/Plugins/Community Based Plugins/Opentext/OpenText-tdr.yaml b/Plugins/Community Based Plugins/Opentext/OpenText-tdr.yaml new file mode 100755 index 00000000..d3db56e4 --- /dev/null +++ b/Plugins/Community Based Plugins/Opentext/OpenText-tdr.yaml 
@@ -0,0 +1,42 @@
+Descriptor:
+ Name: OpenText Core Threat Detection and Response
+ DisplayName: OpenText Core Threat Detection and Response
+ Description: |
+ Plugin for OpenText Core Threat Detection and Response designed to:
+ - GET Risky Users: Identify risky users within the organization
+ - GET Risky Devices: Identify risky devices within the organization
+ - GET Risky Rare Processes: Identify rare processes with security risks across the organization
+ - GET Summary of Risky User: Retrieve summary of a user's security risks
+ - GET Summary of Risky Device: Retrieve summary of a device's security risks
+ - GET Summary of Rare Process: Retrieve summary of a risky rare process execution
+ - GET Summary of Organization: Retrieve an overview of the organization's security threats and risks
+ - For the API responses:
+ - You **should always** show the ID present in the response to the user. This ID will be required to act on the alert in future prompts
+ DescriptionDisplay: Advanced threat-detection tool that uses user and entity behavior analytics (UEBA) and 100%-online, unsupervised machine learning (ML) to detect behavioral anomalies across the organization and empower threat hunters.
+ Icon: https://www.opentext.com/assets/images/favicon.png
+
+
+ Settings:
+ - Description: The URL of the OpenText instance to connect to.
+ Name: OpenTextInstanceUrl
+ HintText: https://tdr10.us.tdrservice.com
+ Label: Instance URL
+ SettingType: String
+ Required: true
+
+
+ SupportedAuthTypes:
+ - ApiKey
+
+ Authorization:
+ Type: APIKey
+ Key: X-API-KEY
+ Location: Header
+ AuthScheme: ""
+
+SkillGroups:
+ - Format: API
+ Settings:
+ OpenApiSpecUrl: https://tdr10.us.tdrservice.com/openapi.json
+ EndpointUrl: https://tdr10.us.tdrservice.com/
+
diff --git a/Plugins/Community Based Plugins/Opentext/opentext-tdr-euwest.yaml b/Plugins/Community Based Plugins/Opentext/opentext-tdr-euwest.yaml
index 5a73efb3..08b2eaa0 100755
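Review bot: This new manifest declares `OpenTextInstanceUrl` as a `Required` setting, but the skill group hard-codes `EndpointUrl: https://tdr10.us.tdrservice.com/`, so nothing references the setting and the value the operator types appears to be ignored. A tenant hosted in the EU who enters their own instance URL would still have their queries and the `X-API-KEY` header sent to the US host. Either drop the `Settings` block, or replace the last line with `EndpointUrlSettingName: OpenTextInstanceUrl`, as the two per-region files do in this same commit.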
--- a/Plugins/Community Based Plugins/Opentext/opentext-tdr-euwest.yaml +++ b/Plugins/Community Based Plugins/Opentext/opentext-tdr-euwest.yaml @@ -15,6 +15,15 @@ Descriptor: DescriptionDisplay: Advanced threat-detection tool that uses user and entity behavior analytics (UEBA) and 100%-online, unsupervised machine learning (ML) to detect behavioral anomalies across the organization and empower threat hunters. Icon: https://www.opentext.com/assets/images/favicon.png + + Settings: + - Description: The URL of the OpenText instance to connect to. + Name: OpenTextInstanceUrl + HintText: i.e., https://tdr11.eu.tdrservice.com/ + Label: Instance URL + SettingType: String + Required: true + SupportedAuthTypes: - ApiKey @@ -28,4 +37,4 @@ SkillGroups: - Format: API Settings: OpenApiSpecUrl: https://tdr11.eu.tdrservice.com/openapi.json - EndpointUrl: https://tdr11.eu.tdrservice.com/ + EndpointUrlSettingName: OpenTextInstanceUrl diff --git a/Plugins/Community Based Plugins/Opentext/opentext-tdr-uswest3.yaml b/Plugins/Community Based Plugins/Opentext/opentext-tdr-uswest3.yaml index d949667c..bf04678b 100755 --- a/Plugins/Community Based Plugins/Opentext/opentext-tdr-uswest3.yaml +++ b/Plugins/Community Based Plugins/Opentext/opentext-tdr-uswest3.yaml @@ -15,6 +15,14 @@ Descriptor: DescriptionDisplay: Advanced threat-detection tool that uses user and entity behavior analytics (UEBA) and 100%-online, unsupervised machine learning (ML) to detect behavioral anomalies across the organization and empower threat hunters. Icon: https://www.opentext.com/assets/images/favicon.png + Settings: + - Description: The URL of the OpenText instance to connect to. + Name: OpenTextInstanceUrl + HintText: i.e., https://tdr10.us.tdrservice.com + Label: Instance URL + SettingType: String + Required: true + SupportedAuthTypes: - ApiKey 
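Review bot: The re-added `HintText` values read `i.e., https://tdr11.eu.tdrservice.com/` in euwest and `i.e., https://tdr10.us.tdrservice.com` in uswest3; `i.e.` tells the operator that this is the one value to enter, and the two files disagree about the trailing slash. Since `EndpointUrlSettingName` makes this setting the request target, and the API key presumably follows it, I would write `HintText: e.g., https://tdr11.eu.tdrservice.com/` and use one slash convention in both files. The first euwest hunk also adds a second blank line before `Settings:`, which can be dropped.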
@@ -28,5 +36,5 @@ SkillGroups: - Format: API Settings: OpenApiSpecUrl: https://tdr10.us.tdrservice.com/openapi.json - EndpointUrl: https://tdr10.us.tdrservice.com/ + EndpointUrlSettingName: OpenTextInstanceUrl From 3396c0e178d93b89d653704b60601fa47c9229fd Mon Sep 17 00:00:00 2001 From: Ron Chittaro Date: Fri, 11 Jul 2025 13:46:11 -0400 Subject: [PATCH 09/13] New readme --- .../Opentext/OpenText-tdr.yaml | 2 +- .../Opentext/Readme.md | 28 +++++++++++-------- 2 files changed, 17 insertions(+), 13 deletions(-) diff --git a/Plugins/Community Based Plugins/Opentext/OpenText-tdr.yaml b/Plugins/Community Based Plugins/Opentext/OpenText-tdr.yaml index d3db56e4..5577a2d1 100755 --- a/Plugins/Community Based Plugins/Opentext/OpenText-tdr.yaml +++ b/Plugins/Community Based Plugins/Opentext/OpenText-tdr.yaml @@ -19,7 +19,7 @@ Descriptor: Settings: - Description: The URL of the OpenText instance to connect to. Name: OpenTextInstanceUrl - HintText: https://tdr10.us.tdrservice.com + HintText: e.g., https://tdr10.us.tdrservice.com or https://tdr11.eu.tdrservice.com/ Label: Instance URL SettingType: String Required: true diff --git a/Plugins/Community Based Plugins/Opentext/Readme.md b/Plugins/Community Based Plugins/Opentext/Readme.md index 3bc28b18..8a5d483f 100755 --- a/Plugins/Community Based Plugins/Opentext/Readme.md +++ b/Plugins/Community Based Plugins/Opentext/Readme.md 
@@ -19,23 +19,27 @@ occurring in your organization.: ## **Prerequisites** 1. Log in to your OpenText Core Threat Detection and Response account -2. Generate an API token from your account settings -3. Save the token securely for plugin configuration +2. Make a note of the used to log into your account (e.g., https://tdr10.us.tdrservice.com/). +Save this URL for plugin configuration. +3. Generate an API token from your account settings. Save the token securely for plugin configuration. --- ## Select or upload the attached manifest file into your Security Copilot console -1. Download the appropriate YAML manifest file for your region (US or Europe) -2. **Verify the `Product_URL` field in the YAML file and update if needed. CONFIRM THIS STEP.** -3. Sign in to Microsoft Security Copilot. -4. Click the sources icon in the prompt bar. The **Manage sources** dialog box is displayed. -5. Navigate to the **Custom** area, and then click **Add plugin**. The **Add a plugin** dialog box is displayed. -6. Select a value for **Who can use this plugin?**, select the **Security Copilot plugin** option, upload the YAML manifest -file from your machine, and then click **Add**. The **Set up OpenText Threat Detection and Response** dialog box is displayed. -7. In the **Instance URL** box, enter the . -8. In the **Value** box, enter the access token value of the API token generated for you. -9. Click **Set up**. The plugin is added and reflects as OpenText Core Threat Detection and Response in the Custom area of the Manage sources dialog box. +1. Download the appropriate YAML manifest file for your region (US or Europe). +2. Sign in to Microsoft Security Copilot. +3. Click the sources icon in the prompt bar. The **Manage sources** dialog box is displayed. +4. Navigate to the **Custom** area, and then click **Add plugin**. The **Add a plugin** dialog box is displayed. +5. Select **Security Copilot plugin** option for the upload format. +6. 
Click **Upload file**, select the YAML manifest file from your machine, and then click **Open**. +7. Navigate to the **Custom** area again, and click **Set up** for the plugin. The **OpenText Core Threat Detection and Response settings** +dialog box is displayed. +8. In the **Instance URL** box, enter the for your instance. (It should match the hint text shown in the UI.) +9. In the **Value** box, enter the access token value of the API access token you downloaded. **Note** Do not include the quotation marks +when you copy the value of the API access token. +9. Click **Save**. The plugin is added and reflects as OpenText Core Threat Detection and Response in the Custom area of the Manage +sources dialog box. --- From 47d4b1213f6098723bd92280637e45009170c030 Mon Sep 17 00:00:00 2001 From: Ron Chittaro Date: Fri, 11 Jul 2025 13:46:34 -0400 Subject: [PATCH 10/13] Poof! --- .../Opentext/OpenText-tdr.yaml | 42 ------------------- 1 file changed, 42 deletions(-) delete mode 100755 Plugins/Community Based Plugins/Opentext/OpenText-tdr.yaml diff --git a/Plugins/Community Based Plugins/Opentext/OpenText-tdr.yaml b/Plugins/Community Based Plugins/Opentext/OpenText-tdr.yaml deleted file mode 100755 index 5577a2d1..00000000 --- a/Plugins/Community Based Plugins/Opentext/OpenText-tdr.yaml +++ /dev/null 
@@ -1,42 +0,0 @@ -Descriptor: - Name: OpenText Core Threat Detection and Response - DisplayName: OpenText Core Threat Detection and Response - Description: | - Plugin for OpenText Core Threat Detection and Response designed to: - - GET Risky Users: Identify risky users within the organization - - GET Risky Devices: Identify risky devices within the organization - - GET Risky Rare Processes: Identify rare processes with security risks across the organization - - GET Summary of Risky User: Retrieve summary of a user's security risks - - GET Summary of Risky Device: Retrieve summary of a device's security risks - - GET Summary of Rare Process: Retrieve summary of a risky rare process execution - - GET Summary of Organization: Retrieve an overview of the organization's security threats and risks - - For the API responses: - - You **should always** show the ID present in the response to the user. This ID will be required to act on the alert in future prompts - DescriptionDisplay: Advanced threat-detection tool that uses user and entity behavior analytics (UEBA) and 100%-online, unsupervised machine learning (ML) to detect behavioral anomalies across the organization and empower threat hunters. - Icon: https://www.opentext.com/assets/images/favicon.png - - - Settings: - - Description: The URL of the OpenText instance to connect to. - Name: OpenTextInstanceUrl - HintText: e.g., https://tdr10.us.tdrservice.com or https://tdr11.eu.tdrservice.com/ - Label: Instance URL - SettingType: String - Required: true - - - SupportedAuthTypes: - - ApiKey - - Authorization: - Type: APIKey - Key: X-API-KEY - Location: Header - AuthScheme: "" - -SkillGroups: - - Format: API - Settings: - OpenApiSpecUrl: https://tdr10.us.tdrservice.com/openapi.json - EndpointUrl: https://tdr10.us.tdrservice.com/ - From a8113481f11095230bac0d484d367273b37b6d63 Mon Sep 17 00:00:00 2001 
From: Ron Chittaro Date: Fri, 11 Jul 2025 13:49:03 -0400 Subject: [PATCH 11/13] add . --- Plugins/Community Based Plugins/Opentext/Readme.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Plugins/Community Based Plugins/Opentext/Readme.md b/Plugins/Community Based Plugins/Opentext/Readme.md index 8a5d483f..fa3d592f 100755 --- a/Plugins/Community Based Plugins/Opentext/Readme.md +++ b/Plugins/Community Based Plugins/Opentext/Readme.md @@ -18,7 +18,7 @@ occurring in your organization.: ## **Prerequisites** -1. Log in to your OpenText Core Threat Detection and Response account +1. Log in to your OpenText Core Threat Detection and Response account. 2. Make a note of the used to log into your account (e.g., https://tdr10.us.tdrservice.com/). Save this URL for plugin configuration. 3. Generate an API token from your account settings. Save the token securely for plugin configuration. From b941b703ee3c8a3b7e9d60aa274f4399e77b16ab Mon Sep 17 00:00:00 2001 From: Ron Chittaro Date: Wed, 24 Sep 2025 14:26:38 -0400 Subject: [PATCH 12/13] Updates in preparation for marketplace --- .../Opentext/Readme.md | 4 +- ...dr-uswest3.yaml => opentext-core-tdr.yaml} | 0 .../Opentext/opentext-tdr-euwest.yaml | 40 ------------------- 3 files changed, 2 insertions(+), 42 deletions(-) rename Plugins/Community Based Plugins/Opentext/{opentext-tdr-uswest3.yaml => opentext-core-tdr.yaml} (100%) delete mode 100755 Plugins/Community Based Plugins/Opentext/opentext-tdr-euwest.yaml diff --git a/Plugins/Community Based Plugins/Opentext/Readme.md b/Plugins/Community Based Plugins/Opentext/Readme.md index fa3d592f..de2734dc 100755 --- a/Plugins/Community Based Plugins/Opentext/Readme.md +++ b/Plugins/Community Based Plugins/Opentext/Readme.md 
@@ -27,13 +27,13 @@ Save this URL for plugin configuration. ## Select or upload the attached manifest file into your Security Copilot console -1. Download the appropriate YAML manifest file for your region (US or Europe). +1. Download the opentext-core-tdr.yaml manifest file. 2. Sign in to Microsoft Security Copilot. 3. Click the sources icon in the prompt bar. The **Manage sources** dialog box is displayed. 4. Navigate to the **Custom** area, and then click **Add plugin**. The **Add a plugin** dialog box is displayed. 5. Select **Security Copilot plugin** option for the upload format. 6. Click **Upload file**, select the YAML manifest file from your machine, and then click **Open**. -7. Navigate to the **Custom** area again, and click **Set up** for the plugin. The **OpenText Core Threat Detection and Response settings** +7. Navigate to the **Custom** area and click **Set up** for the plugin. The **OpenText Core Threat Detection and Response settings** dialog box is displayed. 8. In the **Instance URL** box, enter the for your instance. (It should match the hint text shown in the UI.) 9. In the **Value** box, enter the access token value of the API access token you downloaded. **Note** Do not include the quotation marks diff --git a/Plugins/Community Based Plugins/Opentext/opentext-tdr-uswest3.yaml b/Plugins/Community Based Plugins/Opentext/opentext-core-tdr.yaml similarity index 100% rename from Plugins/Community Based Plugins/Opentext/opentext-tdr-uswest3.yaml rename to Plugins/Community Based Plugins/Opentext/opentext-core-tdr.yaml diff --git a/Plugins/Community Based Plugins/Opentext/opentext-tdr-euwest.yaml b/Plugins/Community Based Plugins/Opentext/opentext-tdr-euwest.yaml deleted file mode 100755 index 08b2eaa0..00000000 --- a/Plugins/Community Based Plugins/Opentext/opentext-tdr-euwest.yaml +++ /dev/null 
@@ -1,40 +0,0 @@ -Descriptor: - Name: OpenText Core Threat Detection and Response - DisplayName: OpenText Core Threat Detection and Response - Description: | - Plugin for OpenText Core Threat Detection and Response designed to: - - GET Risky Users: Identify risky users within the organization - - GET Risky Devices: Identify risky devices within the organization - - GET Risky Rare Processes: Identify rare processes with security risks across the organization - - GET Summary of Risky User: Retrieve summary of a user's security risks - - GET Summary of Risky Device: Retrieve summary of a device's security risks - - GET Summary of Rare Process: Retrieve summary of a risky rare process execution - - GET Summary of Organization: Retrieve an overview of the organization's security threats and risks - - For the API responses: - - You **should always** show the ID present in the response to the user. This ID will be required to act on the alert in future prompts - DescriptionDisplay: Advanced threat-detection tool that uses user and entity behavior analytics (UEBA) and 100%-online, unsupervised machine learning (ML) to detect behavioral anomalies across the organization and empower threat hunters. - Icon: https://www.opentext.com/assets/images/favicon.png - - - Settings: - - Description: The URL of the OpenText instance to connect to. - Name: OpenTextInstanceUrl - HintText: i.e., https://tdr11.eu.tdrservice.com/ - Label: Instance URL - SettingType: String - Required: true - - SupportedAuthTypes: - - ApiKey - - Authorization: - Type: APIKey - Key: X-API-KEY - Location: Header - AuthScheme: "" - -SkillGroups: - - Format: API - Settings: - OpenApiSpecUrl: https://tdr11.eu.tdrservice.com/openapi.json - EndpointUrlSettingName: OpenTextInstanceUrl From 90df69dddb02bc0a6a62ae5f4304a53950a6996a Mon Sep 17 00:00:00 2001 
From: Ron Chittaro Date: Wed, 24 Sep 2025 17:13:04 -0400 Subject: [PATCH 13/13] Minor feedback updates --- Plugins/Community Based Plugins/Opentext/Readme.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/Plugins/Community Based Plugins/Opentext/Readme.md b/Plugins/Community Based Plugins/Opentext/Readme.md index de2734dc..0c824a01 100755 --- a/Plugins/Community Based Plugins/Opentext/Readme.md +++ b/Plugins/Community Based Plugins/Opentext/Readme.md @@ -18,9 +18,8 @@ occurring in your organization.: ## **Prerequisites** -1. Log in to your OpenText Core Threat Detection and Response account. -2. Make a note of the used to log into your account (e.g., https://tdr10.us.tdrservice.com/). -Save this URL for plugin configuration. +1. Sign in to your OpenText Core Threat Detection and Response account. +2. Make a note of the used to sign into your account. Save this URL for plugin configuration. 3. Generate an API token from your account settings. Save the token securely for plugin configuration. ---