To help security experts address the critical security alerts they receive daily, Microsoft has activated its Automated Incident Response in Office 365 Advanced Threat Protection (ATP) for business customers.
The company's automation feature is designed to help security analysts respond to alerts faster and more systematically.
In a recent post, Microsoft announced that it offers two categories of automated incident response to its customers. The first category is automated investigations triggered in response to new alerts, which appear when users report phishing emails, click on a malicious link, or when malicious or phishing emails are detected in mailboxes.
The second category consists of investigations that are started manually and use Microsoft's 'automated playbook' sequences to get to the root of different scenarios and types of attack.
Rich security playbooks
Microsoft's automation follows rich security playbooks, which are essentially a series of carefully recorded steps that security teams can use to thoroughly investigate an alert. They also offer a number of recommended actions to contain and mitigate a risk.
The company's playbooks correlate similar emails sent or received within an organization to detect suspicious user activity. Microsoft gives some examples of flagged activities on its website, citing mail forwarding, Office 365 Data Loss Prevention (DLP), and suspicious email templates.
As part of Microsoft Threat Protection, these playbooks also incorporate alerts and scans from Microsoft Cloud App Security and Microsoft Defender ATP.
Organizations with either an Office 365 ATP Plan 2 or an Office 365 Enterprise E5 plan can benefit from the company's automated response capabilities.