Microsoft 365 Defender Incident Investigation Tab | Exam SC-200

Investigating Incidents in Microsoft 365 Defender

Question

Microsoft 365 Defender provides a purpose-built UI to manage and investigate security incidents and alerts across Microsoft 365 services.

You are a SOC Analyst working at company XYZ, which has configured Microsoft 365 Defender solutions, including Defender for Endpoint, Defender for Identity, Defender for Office 365, and Cloud App Security.

You are required to monitor related alerts across all the solutions as a single incident, so that you can observe the incident's full impact and perform an RCA (root cause analysis).

The Microsoft Security center portal provides a unified view of incidents and the actions taken on them.

When investigating a particular incident, which tab is present on the incident page?

Answers

Explanations


A. B. C. D.

Correct Answer: B.

[Screenshot: Incidents > Multi-stage incident involving Initial access & Exfiltration on multiple endpoints reported by multiple sources. The incident page shows the tabs Summary, Alerts (25), Devices (2), Users (1), Investigations (3) and Evidence and Response (8.72k), the actions "Manage incident" and "Consult a threat expert", and a mailbox list with the columns Mailbox and Display Name (clove@mtptestlab01.onmicrosoft.com, Clare Love; msdo@sdfe3p1.onmicrosoft.com).]

As a SOC Analyst working with Microsoft 365 Defender solutions, when investigating a particular incident you can access all the related information and the actions taken on it from the Microsoft Security center portal. Microsoft 365 Defender provides a unified view of incidents and alerts across all the solutions, including Defender for Endpoint, Defender for Identity, Defender for Office 365, and Cloud App Security.

When you navigate to a particular incident in the Microsoft Security center portal, you will see a tab named "Incidents" on the incident page. This tab presents a comprehensive view of the incident, including all the information related to the affected entities such as machines, mailboxes, and networks.

The "Incidents" tab provides detailed information about the incident, including a summary of the incident, related entities, related alerts, and other important details. You can review all the related alerts and take the necessary actions to investigate and remediate the incident from this tab.

Additionally, the "Machines," "Mailboxes," and "Networks" tabs on the incident page provide more specific information related to the affected entities. For example, the "Machines" tab lists all the affected machines and provides detailed information about each machine, such as its operating system, installed applications, and other relevant details. Similarly, the "Mailboxes" tab lists all the affected mailboxes and provides details such as the sender, recipient, subject, and content of the email.

In summary, when investigating a particular incident in the Microsoft Security center portal, you can access all the related information and actions taken on it from the "Incidents" tab on the incident page. The "Machines," "Mailboxes," and "Networks" tabs provide more specific information related to the affected entities.