Hi,
Thanks to all involved for producing what is an exceptionally useful playbook!! I'm looking forward to the next iteration!
Just one typo to feed back, on page 28, Connector Types: you've listed Microsoft Defender for Cloud as one of the alert sources for the Microsoft 365 Defender connector (see below).
Page 28. Connector Types
Microsoft 365 Defender – used to collect alerts from Microsoft Defender for Cloud, Microsoft 365 Defender, Microsoft Defender for Office 365, Microsoft Defender for Identity, Microsoft Defender for Endpoint and Microsoft Defender for Cloud Apps. This is a feature rich connector which will also allow for raw data (as well as events or alerts) to be ingested if required and configured. This option enables additional threat hunting, correlation, applied threat intelligence, and advanced machine learning algorithms. The data can also be sent to the security data warehouse (ADX) for long-term data retentions. This could occur at the same time as sending to the SIEM, or it can be sent there after the SIEM has expired the data