Defender Device Security Incident Queue
This guide shows an administrator how to access the endpoint incident queue. Each incident in the queue is a collection of correlated alerts and associated data that defines the complete story of an attack.
Role Requirements
Procedure Scope: Administrators
Required Group Membership: Admin.Security
Handbook Reference
Package: TBD
Domain: TBD
Modifies: TBD
Defender Device Incident Queue
- Navigate to the Incidents – Microsoft Defender page.
- Verify that the Date dropdown is set to 1 week, then locate and select the Add Filter button.
- From the Add Filter dropdown, locate and select Service/Detection Sources.
- Set the Status filter to New, In Progress and the Service/Detection Sources filter to Microsoft Defender for Endpoint.
Need Assistance?
Reach out to your Customer Success Manager to discuss how a Sittadel cybersecurity analyst can assist in managing these tasks for you. New to our services? Inquire about arranging a consultation to explore optimizing your Azure environment for painless management.