9
Incidents and Security Operations
In this chapter, we’ll explore the incidents that might happen even with strong safeguards in place and the valuable insights they can reveal. We will examine the important elements of automated remediation, covering these procedures and the immediate responses. Our focus will be on establishing processes to investigate and manage all incidents generated by Defender for Office 365, leveraging automation to ease our workload, and fine-tuning our tools by pinpointing and correcting false detections.
Our processes will also be enriched by learning to break down incidents to understand the root cause, as well as how to enlist Microsoft to help with more advanced changes and improvement ...