unified-secops-platform/respond-threats-overview.md
4 additions & 4 deletions
@@ -29,7 +29,7 @@ In the Defender portal, unified support for incident correlation and integrated
29
29
30
30
### Incident correlation
31
31
32
-
In the Defender portal, related alerts from across multiple attack surfaces are grouped into a single incident, improving the efficiency of incident response. Correlating alerts from various sources such as endpoints, identities, email, and cloud workloads helps security teams gain a holistic view of an attack campaign. This comprehensive perspective allows analysts to understand the full scope of an incident, identify the root cause, and determine the most effective remediation actions.
32
+
Related alerts from across multiple attack surfaces are grouped into a single incident in the Defender portal, improving the efficiency of incident response. Correlating alerts from various sources such as endpoints, identities, email, and cloud workloads helps security teams gain a holistic view of an attack campaign. This comprehensive perspective allows analysts to understand the full scope of an incident, identify the root cause, and determine the most effective remediation actions.
33
33
34
34
The following image shows a sample collection of alerts collected into a single incident in the Defender portal. In this example, alerts from Microsoft Defender for Endpoint, Microsoft Defender for Identity, Microsoft Defender XDR, Microsoft Defender for Office 365, and Microsoft Sentinel are all included in the same incident.
35
35
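Review bot: moving "in the Defender portal" to the end of the first sentence leaves the phrase repeated in the very next paragraph ("alerts collected into a single incident in the Defender portal"); consider dropping it from one of the two. While touching this paragraph, the unchanged context line also reads "a sample collection of alerts collected into a single incident", which could be tightened to "a sample set of alerts grouped into a single incident".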
@@ -43,7 +43,7 @@ Threat intelligence integrates across Defender portal services to enrich alerts
43
43
44
44
Continuous updates to threat intelligence feeds keep security teams ahead of emerging threats and improve the organization's overall resilience.
45
45
46
-
The following image shows an example of the incidents related to a **Human-operated ransomware**Threat analytics report in the **Threat intelligence** area of the Defender portal.
46
+
The following image shows an example of the incidents related to a **Human-operated ransomware**threat analytics report in the **Threat intelligence** area of the Defender portal.
47
47
48
48
:::image type="content" source="media/respond-threats-overview/threat-analytics.png" alt-text="Screenshot of a list of related incidents to a specific threat." lightbox="media/respond-threats-overview/threat-analytics.png":::
49
49
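Review bot: the new line still has no space between the closing `**` and "threat", so `**Human-operated ransomware**threat analytics report` renders as bold text running straight into "threat"; since the line is being rewritten anyway, change it to `**Human-operated ransomware** threat analytics report`.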
@@ -91,7 +91,7 @@ Guided responses are shown together with other Copilot recommendations, as actio
91
91
92
92
The following image shows a sample of the **Guided response** section of the Copilot pane for a specific incident. If you have a lot of recommended actions to sort through, select the **Status** filter to show only some of the actions at a time
93
93
94
-
:::image type="content" source="media/respond-threats-overview/guided-response.png" alt-text="Screenshot of the Guided response section of the Copilot pane for a specific incident.":::
94
+
:::image type="content" source="media/respond-threats-overview/guided-response.png" alt-text="Screenshot of the Guided response section of the Copilot pane for a specific incident." border="false":::
95
95
96
96
For more information, see [Triage and investigate incidents with guided responses from Microsoft Copilot in Microsoft Defender](/defender-xdr/security-copilot-m365d-guided-response).
97
97
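Review bot: `border="false"` is added only to the guided-response screenshot, while the threat-analytics image earlier in this file keeps the default border (and has a `lightbox`); if the intent is borderless screenshots, apply it to both, otherwise note why this one differs. The unchanged sentence just above the image is also missing its terminating period after "only some of the actions at a time".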
@@ -108,7 +108,7 @@ For more information, see:
108
108
109
109
## Microsoft Sentinel threat response features
110
110
111
-
Microsoft Sentinel provides cloud-native Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) features for intelligent security analytics and threat intelligence across the enterprise. This section describes how Microsoft Sentinel features add to your threat detection and response capabilities.
111
+
Microsoft Sentinel provides cloud-native Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) features for intelligent security analytics and threat intelligence across the enterprise. This section describes how Microsoft Sentinel features add to your response capabilities.
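Review bot: dropping "threat detection" from the second sentence makes it match the heading "Microsoft Sentinel threat response features", but the first sentence of the same paragraph still leads with "intelligent security analytics and threat intelligence", which is detection-side scope; either trim that sentence to the response features the section actually covers or keep "detection and response" in both so the paragraph is consistent.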