This guide shows an administrator how to access the incident queue, where each incident is a collection of correlated alerts and associated data that together define the complete story of a possible attack on a network-tied resource.
Role Requirements
Procedure Scope: Administrators
Required Group Membership: Admin.Security
Handbook Reference
Package: TBD
Domain: TBD
Modifies: TBD
Defender Incident Queue
- Navigate to the Incidents – Microsoft Defender portal. Here you will see a list of incidents that were flagged from devices in your network. Use this list to sort through incidents, prioritize them, and make an informed cybersecurity response decision. If you are looking for a specific event based on a classification such as date, severity, or category, use the provided filters to return the results you need to investigate.
Need Assistance?
Reach out to your Customer Success Manager to discuss how a Sittadel cybersecurity analyst can assist in managing these tasks for you. New to our services? Inquire about arranging a consultation to explore optimizing your Azure environment for painless management.