Chapter 9: Incident Management

In Chapter 7, Creating Analytic Rules, you learned that analytic rules create incidents. These incidents represent potential issues in your environment and need to be examined to determine whether they are indeed issues. Are they false positives, irrelevant to your environment, or actual issues? The way to determine this is through incident management.

There are no hard-and-fast rules for incident management, other than to look at the incidents and determine whether they are actual issues. There are various ways to do this, and this chapter will look at the options Microsoft Sentinel provides to perform these investigations, including a graphical representation of the incident, viewing the full details ...

Get Microsoft Sentinel in Action - Second Edition now with the O’Reilly learning platform.