- name: Investigate incidents ## could be incidents, threats, posture findings. Need an overview article for USX. Current overviews (XDR/Sentinel) don't appear to be updated for USX.
90
90
items:
91
-
- name: Incident response overview
92
-
href: incident-response-overview.md
93
-
- name: Incident response planning
94
-
href: incident-response-planning.md
95
-
- name: Incident investigation overview
91
+
- name: Overview
96
92
href: /defender-xdr/investigate-incidents ## Would need update to apply to USX. Per Dianne, this isn't XDR specific.
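Review bot: The two trailing `##` comments kept in this TOC hunk (on `- name: Investigate incidents` and on `href: /defender-xdr/investigate-incidents`) are open editorial to-dos, one of them naming a colleague, and they stay in the file as written. Move them to a tracked work item and drop them from the YAML. The hunk also removes the `incident-response-overview.md` and `incident-response-planning.md` entries with no visible change to those files, so confirm they are deleted or redirected elsewhere in the commit; otherwise they remain published with no TOC entry. The renamed `Overview` entry still targets the article that the adjacent comment says needs updating for USX.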
defender-xdr/unified-secops-platform/defender-xdr-portal.md
7 additions & 9 deletions
@@ -2,11 +2,11 @@
2
2
title: Microsoft Defender XDR in the Defender portal
3
3
description: Learn about Microsoft Defender XDR in the Defender portal
4
4
search.appverid: met150
5
-
ms.service: defender-xdr
5
+
ms.service: unified-secops-platform
6
6
ms.author: cwatson
7
7
author: cwatson-cat
8
8
ms.localizationpriority: medium
9
-
ms.date: 07/16/2024
9
+
ms.date: 10/08/2024
10
10
audience: ITPro
11
11
ms.collection:
12
12
- M365-security-compliance
@@ -22,12 +22,10 @@ Microsoft's unified security platform combines services in the [Microsoft Defend
22
22
Defender XDR in the Defender portal combines protection, detection, investigation, and response to threats across your entire organization and all its components, in a central place. Defender XDR combines a number of Microsoft's security services into a single location.
23
23
24
24
25
-
**[Defender for Office 365](/defender-office-365/mdo-sec-ops-guid)** | Helps secure organizations with a set of prevention, detection, investigation and hunting features to protect email, and Office 365 resources.
26
-
**[Defender for Endpoint](/defender-endpoint/mde-sec-ops-guide)** | Delivers preventative protection, post-breach detection, automated investigation, and response for devices in the organization.
27
-
**[Defender for Identity](/defender-xdr/microsoft-365-security-center-mdi)** | Provides a cloud-based security solution that uses on-premises Active Directory signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization.
28
-
**[Defender for Cloud Apps](/defender-xdr/microsoft-365-security-center-defender-cloud-app)** | Provides a comprehensive cross-SaaS and PaaS solution that brings deep visibility, strong data controls, and enhanced threat protection to your cloud apps.
29
-
**[Microsoft Sentinel](/azure/sentinel/microsoft-365-defender-sentinel-integration)** Microsoft Sentinel is a cloud services that enables security information and event management (SIEM) and Provides in the Defender portal, Microsoft Sentinel integrates with Defender XDR to provide threat protection in the unified security operations platform. Microsoft Sentinel is a a cloud-native security information and event management (SIEM) solution and security orchestration automation response. Sentinel integrates with Defender XDR to provided a unified security platform for threat detection, investigation, hunting, and response.
30
-
25
+
**[Defender for Office 365](/defender-office-365/mdo-about)** | Helps secure organizations with a set of prevention, detection, investigation and hunting features to protect email, and Office 365 resources.
26
+
**[Defender for Endpoint](/defender-endpoint/)** | Delivers preventative protection, post-breach detection, automated investigation, and response for devices in the organization.
27
+
**[Defender for Identity](/defender-for-identity/what-is)** | Provides a cloud-based security solution that uses on-premises Active Directory signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization.
28
+
**[Defender for Cloud Apps](/cloud-app-security/)** | Provides a comprehensive cross-SaaS and PaaS solution that brings deep visibility, strong data controls, and enhanced threat protection to your cloud apps.
31
29
32
30
> [!NOTE]
33
31
> When you open the portal, you see only the security services included in your subscriptions. For example, if you have Defender for Office 365 but not Defender for Endpoint, you see features and capabilities for Defender for Office 365, but not for device protection.
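Review bot: Deleting the `Microsoft Sentinel` row (old line 29) removes the garbled text but leaves this table with no Sentinel entry, on a page whose front matter now sets `ms.service: unified-secops-platform`. Consider rewriting it as a single row in the same `**[name](link)** | description` form as the others, since the old line also lacked the `|` separator. For the retargeted links, check that `/defender-endpoint/` and `/cloud-app-security/` land on the intended pages, as both point at a docset root rather than a specific article.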
@@ -54,7 +52,7 @@ A primary example is **Incidents** under **Incidents & alerts**.
54
52
55
53
Selecting an incident name displays a page that demonstrates the value of centralizing security information as you get better insights into the full extend of a threat, from email, to identity, to endpoints.
56
54
57
-
:::image type="content" source="../../defender/media/incidents-overview/incidents-ss-incident-summary.png" alt-text="Screenshot that shows the attack story page for an incident in the Microsoft Defender portal." lightbox="../../defender/media/incidents-overview/incidents-ss-incident-summary.png":::
55
+
<!-- commenting this out as the file path will move soon and I don't want to fight with this broken link anymore. File path is changing anyway. :::image type="content" source="../../media/incidents-overview/incidents-ss-incident-summary.png" alt-text="Screenshot that shows the attack story page for an incident in the Microsoft Defender portal." lightbox="../../media/incidents-overview/incidents-ss-incident-summary.png":::-->
58
56
59
57
Take the time to review the incidents in your environment, drill down into each alert, and practice building an understanding of how to access the information and determine next steps in your analysis.
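Review bot: The HTML comment added on new line 55 carries a personal note ("I don't want to fight with this broken link anymore") and a dead image path into the source. Either remove the `:::image:::` line outright and track its restoration in a work item, or correct the path once the media folder has moved. While this paragraph is open, the context line above it reads "full extend of a threat", which should be "full extent".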
defender-xdr/unified-secops-platform/overview-defender-portal.md
3 additions & 3 deletions
@@ -2,7 +2,7 @@
2
2
title: Microsoft Defender portal overview
3
3
description: Learn about the Microsoft Defender portal
4
4
search.appverid: met150
5
-
ms.service: defender-xdr
5
+
ms.service: unified-secops-platform
6
6
ms.author: cwatson
7
7
author: cwatson-cat
8
8
ms.localizationpriority: medium
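Review bot: `ms.date` is not updated in this file, although the same `ms.service` change in `defender-xdr-portal.md` moves it to 10/08/2024. The file's three changed lines are the `ms.service` value and two table rows, so the date was left as it was; bump it here for consistency.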
@@ -33,8 +33,8 @@ The Defender portal combines a number of Microsoft security services in a single
33
33
**Service** | **Details**
34
34
--- | ---
35
35
**[Microsoft Defender XDR](defender-xdr-portal.md)** | In the Defender portal, protect against security threats to assets and resources across the organization, including devices, email and collaboration tools, SaaS cloud apps, Entra ID threats, cloud and on-premises workloads, and OT/IT resources. Get integrated incidents and alerts, threat hunting, and threat protection services and capabilities included in Defender XDR.
36
-
**[Microsoft Defender Threat Intelligence](../../defender/threat-intelligence/what-is-microsoft-defender-threat-intelligence-defender-ti.md)** | From the Defender portal, conduct threat infrastructure analysis, and gather threat intelligence.
37
-
**[Microsoft Security Exposure Management](../../exposure-management/microsoft-security-exposure-management)** | In the Defender portal, get a unified view of security posture across organizational assets. Assess the security state of assets, and identify and remediate security risk to reduce attack surfaces.
36
+
**[Microsoft Defender Threat Intelligence](/defender/threat-intelligence/what-is-microsoft-defender-threat-intelligence-defender-ti)** | From the Defender portal, conduct threat infrastructure analysis, and gather threat intelligence.
37
+
**[Microsoft Security Exposure Management](/security-exposure-management/microsoft-security-exposure-management)** | In the Defender portal, get a unified view of security posture across organizational assets. Assess the security state of assets, and identify and remediate security risk to reduce attack surfaces.
38
38
**[Microsoft Defender for Cloud](/defender-xdr/microsoft-365-security-center-defender-cloud)** | Defender for Cloud improves multicloud and on-premises security posture, and protect cloud workloads against security threats. It integrates into the Defender portal so that security teams can access Defender for Cloud alerts in the portal, providing a single location with added rich context for security investigations.
39
39
**[Microsoft Defender for IoT](/defender-for-iot/microsoft-defender-iot)** | Defender for IoT integrates into the Defender portal to identify and protect OT/IT resources by extending Defender XDR protection to OT environments.
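Review bot: The two new links are not a mechanical relative-to-site-relative conversion: the Exposure Management target changes its first path segment from `exposure-management` to `security-exposure-management`, and the Threat Intelligence target drops both the `../../` prefix and the `.md` extension. Confirm each resolves on the published site, since a path outside this docset may not be caught by build-time link validation. The unchanged Defender for Cloud row also reads "and protect cloud workloads", which should be "protects".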