Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Mastering Microsoft Defender for Office 365

You're reading from   Mastering Microsoft Defender for Office 365 Streamline Office 365 security with expert tips for setup, automation, and advanced threat hunting

Arrow left icon
Product type Paperback
Published in Sep 2024
Publisher Packt
ISBN-13 9781835468289
Length 426 pages
Edition 1st Edition
Arrow right icon
Author (1):
Arrow left icon
Samuel Soto Samuel Soto
Author Profile Icon Samuel Soto
Samuel Soto
Arrow right icon
View More author details
Toc

Table of Contents (18) Chapters Close

Preface 1. Part 1 – Introduction and Basic Configuration FREE CHAPTER
2. Chapter 1: The Security Wild West 3. Chapter 2: Basic Components of Defender for Office 365 4. Chapter 3: Basic Checks and Balances 5. Chapter 4: Basics of Configuration 6. Part 2 - Day-to-Day Operations
7. Chapter 5: Common Troubleshooting 8. Chapter 6: Message Quarantine Procedures 9. Chapter 7: Strengthening Email Security 10. Chapter 8: Catching What Passed the Initial Controls 11. Chapter 9: Incidents and Security Operations 12. Part 3 – Making the Tool Work for Your Organization
13. Chapter 10: Magnifying the Unseen – Threat Intelligence and Reports 14. Chapter 11: Integration and Artificial Intelligence 15. Chapter 12: User Awareness and Education 16. Index 17. Other Books You May Enjoy

Incidents and more incidents

A Microsoft Defender XDR incident joins all related alerts and data, presenting a comprehensive narrative of a cyber assault. The Incidents page within Microsoft Defender XDR, also referred to as the Incidents queue, serves as a centralized hub, integrating Defender for Office 365 alerts, instrumental Automated Investigation and Response (AIR) initiatives, and the results of such in-depth investigations. These alerts are triggered by malicious or questionable activities bearing upon various entities, including emails, user accounts, and mailboxes, and help to provide intelligence on attacks in progress or those that have finished. It is commonplace for a multi-vector attack to generate an assortment of alerts across different points of origin. We can see this in the encapsulation of an aggregation of correlated alerts, in which many alerts that are triggered help create the story of how a complex attack occurred:

Figure 9.10 – The attack story of an incident

Figure 9.10 ...

lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image