Hi
We have moved to Office 365 and are using Azure ATP, Defender ATP and CASB (Cloud App Security) security portals
We are getting spammed with alerts and I'm looking for run books or equivalent for dealing with common alert scenarios
Presently it's confusing bouncing back and forth between the different security centres and there is so much text on the screen
It's hard to narrow information down
e.g.
I notice for impossible travel alerts that VPNs are not factored in with the algorithm, so I need to confirm whether it's a VPN connection or a legitimate threat for every alert.
Ideally want to automate this but for moment need to know where to go and what to look for etc.
I know each scenario can be unique but wanted a guide & steps for dealing with the most common if it exists?
Thanks
confuseis
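As an added illustration of the impossible-travel triage step described in the post (this is example code, not from the poster and not Microsoft's own alert logic), the script below recomputes the travel speed implied by two sign-ins and then checks whether either source IP falls inside a list of known corporate VPN egress ranges before deciding whether the alert needs a human. All IP addresses, CIDR ranges, coordinates and timestamps are constructed sample values; in practice the VPN ranges would come from your own VPN provider's egress list.

```python
"""Pre-triage for 'impossible travel' alerts: recompute the implied speed between
two sign-ins and down-rank alerts where a known corporate VPN egress is involved."""
import ipaddress
from dataclasses import dataclass
from datetime import datetime, timezone
from math import radians, sin, cos, asin, sqrt

# Constructed sample of corporate VPN egress ranges (documentation-only addresses).
# Hypothetical: replace with the real egress list from your VPN provider.
VPN_EGRESS_CIDRS = [ipaddress.ip_network(c) for c in ("203.0.113.0/24", "198.51.100.0/25")]

# Anything faster than an airliner cannot be physical travel.
MAX_PLAUSIBLE_KMH = 900.0


@dataclass
class SignIn:
    user: str
    ip: str
    time: datetime
    lat: float   # geolocation the portal attached to the sign-in
    lon: float


def haversine_km(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance in kilometres between two lat/lon points."""
    r = 6371.0
    p1, p2 = radians(lat1), radians(lat2)
    dphi = radians(lat2 - lat1)
    dlam = radians(lon2 - lon1)
    a = sin(dphi / 2) ** 2 + cos(p1) * cos(p2) * sin(dlam / 2) ** 2
    return 2 * r * asin(sqrt(a))


def is_vpn_egress(ip: str) -> bool:
    """True if the address sits inside one of the known VPN egress ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in VPN_EGRESS_CIDRS)


def required_speed_kmh(a: SignIn, b: SignIn) -> float:
    """Speed the user would have needed to move from sign-in a to sign-in b."""
    dist = haversine_km(a.lat, a.lon, b.lat, b.lon)
    hours = abs((b.time - a.time).total_seconds()) / 3600.0
    if hours == 0:
        return float("inf") if dist > 0 else 0.0
    return dist / hours


def triage(a: SignIn, b: SignIn) -> str:
    """Classify a sign-in pair: 'plausible', 'known-vpn-egress' or 'investigate'.

    'known-vpn-egress' is a lower-priority queue, not an auto-close: the VPN
    explains the geography, but the account still deserves a look if anything
    else about the session is unusual.
    """
    if required_speed_kmh(a, b) <= MAX_PLAUSIBLE_KMH:
        return "plausible"
    if is_vpn_egress(a.ip) or is_vpn_egress(b.ip):
        return "known-vpn-egress"
    return "investigate"


def triage_sample() -> dict:
    """Run the three constructed scenarios a triage run book would cover."""
    t0 = datetime(2020, 5, 1, 9, 0, tzinfo=timezone.utc)
    t1 = datetime(2020, 5, 1, 10, 0, tzinfo=timezone.utc)
    london = (51.5074, -0.1278)
    new_york = (40.7128, -74.0060)
    paris = (48.8566, 2.3522)

    office = SignIn("alice", "192.0.2.10", t0, *london)          # normal office sign-in
    via_vpn = SignIn("alice", "203.0.113.10", t1, *new_york)      # VPN egress in another country
    unknown = SignIn("alice", "192.0.2.77", t1, *new_york)        # unexplained distant sign-in
    nearby = SignIn("alice", "192.0.2.11", t1, *paris)            # short hop, reachable in an hour

    return {
        "vpn_explained": triage(office, via_vpn),
        "unexplained": triage(office, unknown),
        "short_hop": triage(office, nearby),
    }


if __name__ == "__main__":
    for name, verdict in triage_sample().items():
        print(f"{name}: {verdict}")
```

The VPN check deliberately runs only after the speed test, so a VPN address never masks a pair that was geographically plausible anyway, and the outcome is a queue label rather than a closure decision.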