Incident Run books


  • Author

  • confuseis


    I’m looking for run books that map to the alerts and Incident types created by Defender ATP

    The idea is to have the base run book and plan before the Incident rather than reacting afterwards

    I’m aware that one size does not fit all but I’m sure there are best practices

    Is there a way to get a list of all the Incident & Alert categories?

    e.g. Inc:

    Horizontal port scan initiated
    Suspicious Powershell commandline
    Suspected credential theft activity
