New Security Alerts tutorials

Tali Ash
Microsoft

Over the past few months our product team worked to improve our security alerts, descriptions, evidence, and logic, to provide you with the most complete picture of your network and the easiest possible workflows and guidance.

With release 2.61 we've added extensive tutorials, recommendations and steps for investigations and remediation for Azure ATP security alerts in our documentation.

A complete explanation of Azure ATP security alert structure and the information available in each alert can be found in the new Understanding security alerts tutorial (https://docs.microsoft.com/en-us/azure-advanced-threat-protection/understanding-security-alerts).

Like a typical cyber-attack kill chain, the alert tutorials are broken down by attack phase:

Reconnaissance alerts (https://docs.microsoft.com/en-us/azure-advanced-threat-protection/atp-reconnaissance-alerts)

Compromised credential alerts (https://docs.microsoft.com/en-us/azure-advanced-threat-protection/atp-compromised-credentials-alerts)

Lateral movement alerts (https://docs.microsoft.com/en-us/azure-advanced-threat-protection/atp-lateral-movement-alerts)

Domain dominance alerts (https://docs.microsoft.com/en-us/azure-advanced-threat-protection/atp-domain-dominance-alerts)

Exfiltration alerts (https://docs.microsoft.com/en-us/azure-advanced-threat-protection/atp-exfiltration-alerts)

Within each phase you will find improved descriptions and more information about each alert: its classification, the scope of the breach, the recommended remediation, and steps for prevention.

We've also added explicit instructions for computer investigation (https://docs.microsoft.com/en-us/azure-advanced-threat-protection/investigate-a-computer) and user investigation (https://docs.microsoft.com/en-us/azure-advanced-threat-protection/investigate-a-user).

The full list of alerts, together with their previous names and external IDs, remains available in Azure ATP security alerts (https://docs.microsoft.com/en-us/azure-advanced-threat-protection/suspicious-activity-guide).

We look forward to your feedback and hope these additional resources help you capture the full value of Azure ATP.