defender-xdr/investigate-alerts.md
+3-3Lines changed: 3 additions & 3 deletions
@@ -122,8 +122,8 @@ Microsoft Defender XDR alerts come from solutions like Microsoft Defender for En
122
122
| Microsoft Defender XDR |`ra{GUID}` <br> `ta{GUID}` for alerts from ThreatExperts <br> `ea{GUID}` for alerts from custom detections |
123
123
| Microsoft Defender for Office 365 |`fa{GUID}` <br> Example: `fa123a456b-c789-1d2e-12f1g33h445h6i`|
124
124
| Microsoft Defender for Endpoint |`da{GUID}` <br> `ed{GUID}` for alerts from custom detections |
125
-
| Microsoft Defender for Identity |`aa{GUID}` <br> `ri{GUID}` for alerts from XDR detection engine <br> Example: `aa123a456b-c789-1d2e-12f1g33h445h6i`, `ri638724443630474445_-1629192583`|
126
-
| Microsoft Defender for Cloud Apps |`ca{GUID}` <br> `rm{GUID}` for alerts from XDR detection engine <br> Example: `ca123a456b-c789-1d2e-12f1g33h445h6i`|
125
+
| Microsoft Defender for Identity |`aa{GUID}` <br> `ri{GUID}` for alerts from XDR detection engine <br> Example: `aa123a456b-c789-1d2e-12f1g33h445h6i`, `ri001122334455667788_-0123456789`|
126
+
| Microsoft Defender for Cloud Apps |`ca{GUID}` <br> `ma{GUID}` for alerts from App Governance detections and policies <br> `rm{GUID}` for alerts from XDR detection engine <br> Example: `ca123a456b-c789-1d2e-12f1g33h445h6i`|
127
127
| Microsoft Entra ID Protection |`ad{GUID}`|
128
128
| App Governance |`ma{GUID}`|
129
129
| Microsoft Data Loss Prevention |`dl{GUID}`|
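Review bot: the new Cloud Apps row (line 126 on the + side) attributes `ma{GUID}` to App Governance detections and policies, yet the unchanged row two lines below still lists App Governance on its own with the same `ma{GUID}` prefix, so the table now assigns one prefix in two places. Either drop the standalone App Governance row or have the Cloud Apps row point to it ("see App Governance below") instead of repeating the prefix. Separately, the Defender for Identity row keeps the label `ri{GUID}` while its example `ri001122334455667788_-0123456789` is a `{digits}_{signed integer}` string, not a GUID; consider `ri{ID}` with a short note on the format so readers do not try to match it against a GUID regex. Replacing the earlier example with an obviously synthetic value is the right call, since the previous one read as a real-looking identifier rather than a placeholder.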
@@ -212,7 +212,7 @@ The **Recommendations** tab provides next-step actions and advice for investigat
212
212
213
213
## Tune an alert
214
214
215
-
As a security operations center (SOC) analyst, one of the top issues is triaging the sheer number of alerts that are triggered daily. An analyst's time is valuable, wanting to focus only on high severity and high priority alerts. Meanwhile, analysts are also required to triage and resolve lower priority alerts, which tends to be a manual process.
215
+
As a security operations center (SOC) analyst, one of the top issues is triaging the sheer number of alerts that are triggered daily. An analyst's time is valuable, wanting to focus only on high severity and high priority alerts. Meanwhile, analysts are also required to triage and resolve lower priority alerts, which tend to be a manual process.
216
216
217
217
Alert tuning, previously known as *alert suppression*, provides the ability to tune and manage alerts in advance. This streamlines the alert queue and saves triage time by hiding or resolving alerts automatically, each time a certain expected organizational behavior occurs and rule conditions are met.
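Review bot: the agreement fix (`tends` → `tend`, matching the plural `alerts`) is correct, but the preceding sentence on the same line still carries a dangling modifier: "An analyst's time is valuable, wanting to focus only on high severity and high priority alerts" attaches "wanting" to the time rather than to the analyst. Since the line is already being edited, suggest "An analyst's time is valuable, and analysts want to focus only on high-severity, high-priority alerts." Hyphenating "high-severity" and "high-priority" as compound modifiers would also be consistent with the rest of the page.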