Review the following incident response playbooks to understand how to detect and contain these different types of attacks: Phishing, Password spray, App consent grant, Compromised and malicious applications. Each playbook includes: Prerequisites: The specific requirements you need to complete before starting ...
Automate threat response with Microsoft Sentinel playbooks; Create and manage Microsoft Sentinel playbooks; Azure Logic Apps for Microsoft Sentinel playbooks; Supported triggers and actions in Microsoft Sentinel playbooks. To give a managed identity access to other resources, like your Microsoft Sentinel works...
Automatically in response to specific alerts or incidents, when triggered by an automation rule. For example, if an account and machine are compromised, a playbook can isolate the machine from the network and block the account by the time the SOC team is notified of the incident. ...
Extra incident response playbooks: Examine guidance for identifying and investigating these other types of attacks: Password spray, App consent. Incident response resources: Overview for Microsoft security products and resources for new-to-role and experienced analysts; Planning for your Security Operations Center (SOC...
General: Incident response playbooks for Phishing and Password spray are available in Microsoft Security Best Practices. If you are a downstream customer: 1. Review, audit, and minimize access privileges and delegated permissions. It is important to consider and implement a least-privile...
Deepen your incident response knowledge with this episode, focused on malware investigations. DEX-XDR threat hunter and Principal Security Researcher Michael Melone introduces you to the incident response playbook for managing malware incidents effectively. Guest: Michael Melone Microsoft Incident response...
When the Microsoft Incident Response team determines a threat actor has had extensive access to a customer’s identity plane, a mass password reset may be the best option to restore environment security and prevent unauthorized access. Here are a few of the first questions we ask: When should ...
This is the third and last in a series of posts that looks at how Microsoft responds to elevated threats to customers through the Microsoft Security Response Center’s (MSRC) Software and Services Incident Response Plan (SSIRP). Our previous posts discus
8 Steps to CMMC for Incident Response Maturity with Microsoft Azure. 1) Establish an Incident Response Capability: Establishing an incident response capability is the foundation of combating threats to your environment. Incident response is geared to protect the organization’s information, as well as its...
Microsoft Certifications renewal is now available for free on Microsoft Learn to support individuals who want to keep their technical skills up to date. This lets people spend more time building their technical skills and certifying their knowledge, while reducing the stress, complexity and costs asso...