Microsoft 365 Defender Incident Investigation: Tab on Incident Page

Investigating Incidents: Tab on Incident Page

Question

Microsoft 365 Defender provides a purpose-built UI to manage and examine security incidents and alerts across Microsoft 365 services.

You are a SOC analyst working at company XYZ, which has configured Microsoft 365 Defender solutions, including Defender for Endpoint, Defender for Identity, Defender for Office 365, and Cloud App Security.

You are required to monitor related alerts across all the solutions as a single incident to observe the incident's full impact and perform an RCA (root cause investigation).

The Microsoft Security Center portal provides a unified view of incidents and the actions taken on them.

When investigating a particular incident, which tab is present on the incident page?

Answers

Explanations


A. B. C. D.

Correct Answer: B.

[Screenshot of the incident page: Incidents > "Multi-stage incident involving Initial access & Exfiltration on multiple endpoints reported by multiple sources". Tabs shown: Summary, Alerts (25), Devices (2), Users (1), Investigations (3), Evidence and Response (8.72k). The Users tab lists Mailbox and Display Name columns, with "Manage incident" and "Consult a threat expert" actions at the top.]

As a SOC analyst working at a company that has configured Microsoft 365 Defender solutions, including Defender for Endpoint, Defender for Identity, Defender for Office 365, and Cloud App Security, you are required to monitor related alerts across all the solutions as a single incident to observe the incident's full impact and perform a root cause investigation.

When investigating a particular incident in the Microsoft Security Center portal, the tab present on the incident page is "Incidents." The Incidents tab displays all the relevant information related to the incident in question, such as the incident's severity level, the affected resources, and the recommended actions to take.

The Incidents tab provides a comprehensive view of the incident's details, including its timeline and related alerts, enabling SOC analysts to conduct a root cause analysis effectively. Additionally, the Incidents tab provides an option to add notes and comments related to the incident for future reference and collaboration with other analysts.

Therefore, the correct answer to the question is option D, "Incidents."