Runbook for common alerts

  • Question

  • Hi,

    We have moved to Office 365 and are using the Azure ATP, Defender ATP and CASB (Cloud App Security) security portals.

    We are getting spammed with alerts, and I'm looking for runbooks, or the equivalent, for dealing with common alert scenarios.

    Presently it's confusing bouncing back and forth between the different security centres, and there is so much text on the screen.

    It's hard to narrow information down.

    e.g.

    I notice that for impossible travel alerts, VPNs are not factored into the algorithm, so I need to confirm whether it's a VPN connection or a legitimate threat for every alert.

    Ideally I want to automate this, but for the moment I need to know where to go and what to look for, etc.

    I know each scenario can be unique, but I wanted a guide and steps for dealing with the most common ones, if it exists?

    Thanks


    confuseis

    Sunday, August 25, 2019 10:50 AM
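As an added illustration of the automation the question above asks about (this is example code written for this page, not code from the poster or from any Microsoft product), the script below pre-triages impossible-travel alerts: it first checks whether either sign-in came from a known corporate VPN egress range, and only then tests whether the implied travel speed between the two sign-in locations is physically plausible. The alert record shape, the VPN CIDRs (documentation TEST-NET ranges), the sign-in coordinates and the 900 km/h threshold are all constructed assumptions; the real Cloud App Security alert schema and your real egress ranges will differ.

```python
"""Pre-triage of "impossible travel" alerts against a VPN egress allowlist.

Example code added to this page; not from the original post or any vendor.
Alert records are a constructed, simplified shape (two sign-ins per alert),
not the real Cloud App Security schema.
"""
import ipaddress
import math
from dataclasses import dataclass
from datetime import datetime, timezone

# Hypothetical corporate VPN egress ranges (documentation TEST-NET blocks).
# In practice, export these from the VPN concentrator or firewall.
VPN_EGRESS_CIDRS = [
    ipaddress.ip_network("203.0.113.0/24"),
    ipaddress.ip_network("198.51.100.0/26"),
]

# Assumed ceiling for plausible travel speed (roughly airliner cruise speed).
MAX_PLAUSIBLE_KMH = 900.0


@dataclass
class SignIn:
    ip: str
    when: datetime
    lat: float
    lon: float


def is_vpn_egress(ip: str) -> bool:
    """True if the address falls inside any known VPN egress range."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in VPN_EGRESS_CIDRS)


def haversine_km(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance between two points on Earth, in kilometres."""
    r = 6371.0
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlam = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlam / 2) ** 2
    return 2 * r * math.asin(math.sqrt(a))


def required_speed_kmh(a: SignIn, b: SignIn) -> float:
    """Speed the user would have needed to move from sign-in a to sign-in b."""
    hours = abs((b.when - a.when).total_seconds()) / 3600.0
    km = haversine_km(a.lat, a.lon, b.lat, b.lon)
    if hours == 0:
        return math.inf if km > 0 else 0.0
    return km / hours


def triage(a: SignIn, b: SignIn) -> str:
    """Label one alert: 'vpn_egress', 'implausible' or 'plausible'.

    The VPN check runs first because an egress IP's geolocation says nothing
    about where the user physically is, so the speed test is meaningless.
    """
    if is_vpn_egress(a.ip) or is_vpn_egress(b.ip):
        return "vpn_egress"
    if required_speed_kmh(a, b) > MAX_PLAUSIBLE_KMH:
        return "implausible"
    return "plausible"


def _t(hour: int) -> datetime:
    return datetime(2019, 8, 25, hour, 0, tzinfo=timezone.utc)


# Constructed sample alerts: London, then New York via VPN; London then
# Sydney two hours later; London then Paris three hours later.
LONDON = (51.5074, -0.1278)
SAMPLE_ALERTS = [
    (SignIn("192.0.2.10", _t(9), *LONDON), SignIn("203.0.113.7", _t(10), 40.7128, -74.0060)),
    (SignIn("192.0.2.10", _t(9), *LONDON), SignIn("192.0.2.200", _t(11), -33.8688, 151.2093)),
    (SignIn("192.0.2.10", _t(9), *LONDON), SignIn("192.0.2.77", _t(12), 48.8566, 2.3522)),
]


def triage_samples() -> list:
    """Triage every constructed sample alert and return the labels in order."""
    return [triage(a, b) for a, b in SAMPLE_ALERTS]


if __name__ == "__main__":
    for (a, b), label in zip(SAMPLE_ALERTS, triage_samples()):
        print(f"{a.ip} -> {b.ip}: {label} ({required_speed_kmh(a, b):.0f} km/h)")
```

Only alerts labelled "implausible" need an analyst; "vpn_egress" alerts can be auto-closed or suppressed once the egress list is trusted, and "plausible" ones are usually geolocation noise. Keep the CIDR list under change control, since a stale entry silently turns a real compromise into an auto-closed alert.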

All replies