xploring the future of security operations, I recently integrated Azure OpenAI (GPT-4 Mini) into Microsoft Sentinel using a Logic App to enhance incident investigation.

For each incident, the system automatically adds a TTP-based initial investigation comment — generated using up to 200 tokens. These insights appear directly in the incident comment section, offering immediate value for SOC analysts.

The quality of insights depends on the number of tokens used — both the prompt and the completion consume tokens. Here’s a reminder:

• Prompt tokens = used to frame the question
• Completion tokens = used for the AI’s response

Azure OpenAI pricing is token-based. For GPT-4 Mini (as of now):

• Prompt: $X.XXXX per 1,000 tokens
• Completion: $X.XXXX per 1,000 tokens (Refer to Azure pricing for updates)

This integration is just a glimpse of what’s possible when combining AI and security automation.

Let’s talk AI in cyber defense — thoughts and feedback welcome!