
Incident Run books


  • confuseis
    Participant
    #623669

    Hi

    I’m looking for run books that map to the alerts and Incident types created by Defender ATP

    The idea is to have the base run book and plan before the Incident rather than reacting afterwards

    I’m aware that one size does not fit all, but I’m sure there are best practices

    Is there a way to get a list of all the Incident & Alert categories?

    e.g. Inc:

    Horizontal port scan initiated
    Suspicious Powershell commandline
    Suspected credential theft activity
