AI agents in Copilot Studio may be attempting to communicate with external command-and-control servers via non-standard ports, which could indicate malicious network activity. SOC teams should proactively hunt for this behavior in Azure Sentinel to identify potential compromise or exfiltration attempts that evade standard detection mechanisms.
KQL Query
AIAgentsInfo
| where RegistrySource != "A365"
| summarize arg_max(Timestamp, *) by AIAgentId
| where AgentStatus != "Deleted"
| mvexpand Topic = AgentTopicsDetails
| where Topic has "HttpRequestAction"
| extend TopicActions = Topic.beginDialog.actions
| mvexpand action = TopicActions
| where action['$kind'] == "HttpRequestAction"
| extend Url = tostring(action.url.literalValue)
| extend ParsedUrl = parse_url(Url)
| extend Port = tostring(ParsedUrl["Port"])
| where isnotempty(Port) and Port != "443"
| project-reorder AgentCreationTime, AIAgentId, AIAgentName, ParsedUrl, Url, Port, AgentStatus, CreatorAccountUpn, OwnerAccountUpns, Topic
id: 6f1a5b7c-8d9e-0f1a-2b3c-4d5e6f7a8b9c
name: Copilot Studio AI Agents - HTTP Requests to Non-standard Ports
description: |
  This query identifies Copilot Studio AI agents that send HTTP requests to endpoints using non-standard ports (other than 443).
  Communication over uncommon ports can indicate suspicious activity, unauthorized network communication, or attempts to bypass security controls.
  Such behavior may expose sensitive data or create opportunities for attackers to exploit less-monitored channels.
  Recommended Action: Review these agents to confirm whether using non-standard ports is necessary for the business scenario.
  If not required, update configurations to use standard secure ports (443 for HTTPS).
  For legitimate use cases, document the justification and apply compensating controls such as network monitoring and firewall rules.
requiredDataConnectors: []
tactics:
  - CommandAndControl
  - Exfiltration
relevantTechniques:
  - T1071
  - T1041
query: |
  AIAgentsInfo
  | where RegistrySource != "A365"
  | summarize arg_max(Timestamp, *) by AIAgentId
  | where AgentStatus != "Deleted"
  | mvexpand Topic = AgentTopicsDetails
  | where Topic has "HttpRequestAction"
  | extend TopicActions = Topic.beginDialog.actions
  | mvexpand action = TopicActions
  | where action['$kind'] == "HttpRequestAction"
  | extend Url = tostring(action.url.literalValue)
  | extend ParsedUrl = parse_url(Url)
  | extend Port = tostring(ParsedUrl["Port"])
  | where isnotempty(Port) and Port != "443"
  | project-reorder AgentCreationTime, AIAgentId, AIAgentName, ParsedUrl, Url, Port, AgentStatus, CreatorAccountUpn, OwnerAccountUpns, Topic
entityMappings:
  - entityType: Account
    fieldMappings:
      - identifier: FullName
        columnName: CreatorAccountUpn
  - entityType: Host
    fieldMappings:
      - identifier: HostName
        columnName: AIAgentName
  - entityType: URL
    fieldMappings:
      - identifier: Url
        columnName: Url
version: 1.0.0
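The following Python is an added example, not part of the original page or of the Sentinel rule, that replicates the query's logic offline over constructed AIAgentsInfo-shaped rows: keep the latest record per agent, drop deleted agents, walk each topic's HttpRequestAction steps and flag literal URLs carrying an explicit port other than 443. The row() helper and every sample agent are constructed test data; the field names mirror those the KQL walks ($kind, beginDialog.actions, url.literalValue).

```python
from urllib.parse import urlsplit


def row(ts, aid, name, status, url):
    """Constructed AIAgentsInfo-shaped row whose single topic holds one HTTP action."""
    return {"Timestamp": ts, "AIAgentId": aid, "AIAgentName": name,
            "AgentStatus": status, "RegistrySource": "CopilotStudio",
            "AgentTopicsDetails": [{"beginDialog": {"actions": [
                {"$kind": "HttpRequestAction", "url": {"literalValue": url}}]}}]}


SAMPLE_AGENTS = [  # constructed test data, not real agents
    row(1, "agent-1", "HelpdeskBot", "Active", "https://api.example.com:8443/v1"),
    row(2, "agent-1", "HelpdeskBot", "Active", "https://api.example.com/v1"),  # newest wins
    row(1, "agent-2", "OrdersBot", "Active", "http://10.0.0.5:9001/metrics"),
    row(1, "agent-3", "OldBot", "Deleted", "https://legacy.example.net:8080/"),
    row(1, "agent-4", "FaqBot", "Active", "http://intranet.example.com/faq"),  # implicit :80
]


def explicit_port(url):
    """Explicit port as a string, or '' when absent: mirrors parse_url(Url)['Port']."""
    try:
        port = urlsplit(url).port
    except ValueError:  # malformed port such as ':abc'
        return ""
    return "" if port is None else str(port)


def latest_per_agent(rows):
    """RegistrySource filter, then arg_max(Timestamp, *) by AIAgentId, then drop deleted."""
    latest = {}
    for r in rows:
        if r["RegistrySource"] == "A365":
            continue
        if r["AIAgentId"] not in latest or r["Timestamp"] > latest[r["AIAgentId"]]["Timestamp"]:
            latest[r["AIAgentId"]] = r
    return [r for r in latest.values() if r["AgentStatus"] != "Deleted"]


def find_nonstandard_port_actions(rows):
    """Return (AIAgentId, AIAgentName, Url, Port) for each HTTP action on a port other than 443."""
    hits = []
    for agent in latest_per_agent(rows):
        for topic in agent["AgentTopicsDetails"]:
            for action in topic.get("beginDialog", {}).get("actions", []):
                if action.get("$kind") != "HttpRequestAction":
                    continue
                url = str(action.get("url", {}).get("literalValue", ""))
                port = explicit_port(url)
                if port and port != "443":  # same test as isnotempty(Port) and Port != "443"
                    hits.append((agent["AIAgentId"], agent["AIAgentName"], url, port))
    return hits
```

Like the KQL, this only inspects url.literalValue with an explicit port, so an agent calling http://host/ on the implicit port 80, or one that builds its URL from an expression rather than a literal, produces no hit.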
Scenario: Scheduled backup job using a non-standard port for internal monitoring
Filter/Exclusion: process.name != "backup_scheduler" or destination.port != 8081 (if the backup tool uses a known internal monitoring port)
Scenario: Admin task to test custom API endpoint on a non-standard port
Filter/Exclusion: process.name != "api_test_tool" or destination.port != 8080 (if the test tool is known to use a specific non-standard port)
Scenario: Internal CI/CD pipeline using a non-standard port for internal service communication
Filter/Exclusion: process.name != "ci_cd_pipeline" or destination.port != 8088 (if the CI/CD tool is known to use a specific non-standard port)
Scenario: Database replication using a non-standard port for internal synchronization
Filter/Exclusion: process.name != "db_replication_tool" or destination.port != 5432 (if the replication tool uses a known non-standard port)
Scenario: Internal monitoring tool using a non-standard port for metrics collection
Filter/Exclusion: process.name != "prometheus_exporter" or destination.port != 9100 (if the monitoring tool is known to use a specific non-standard port)