Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community
Microsoft Defender ATP built-in threat summary and health reports
Published Apr 01 2019 11:52 AM 7,921 Views
Microsoft

Has your CISO ever asked for an overview of your SOC data?
Ever find yourself needing to take a step back to gain a broader perspective on the state of your environment? Or maybe found yourself in the middle of an investigation thinking that you might be missing something bigger?

The Microsoft Defender ATP reporting dashboard is here to answer your needs.

 

pic-1.png
The threat protection reporting dashboard provides alert information over time, as well as aggregated threat protection views.
Knowing the trends and summaries in your organization can help identify where focused improvements can be made.

Let’s take some examples:

  • If you see an increasing trend of social engineering related alerts, it might mean that it’s time to refresh or educate users in your organization on how to avoid falling prey to social engineering tactics.
  • If you see many alerts related to credential theft, you might consider updating authentication methods, such as adding Multi-factor authentication (MFA) and applying Conditional access policies to automatically safeguard your corporate data.
  • If you see multiple new High alerts in the system, it could indicate that a serious incident is taking place. Think about turning on Auto Investigation and remediation to immediately resolve alerts.

To address scenarios like the ones mentioned above, we’re happy to introduce the built-in reports in Microsoft Defender ATP, along with powerful filtering capabilities that let you target issues.

 

* If you’re using an external system (such as a SIEM or ticketing system) to manage (and resolve) alerts, you’ll be missing all of this out-of-the-box (and already paid for ;)) value. But don’t worry! We have made it super easy to sync the alerts state back to the portal – more details are available here.

 

While analyzing Microsoft Defender ATP alerts using built-in threat protection reports provide great insights into your environment, a vital question remains: “How do I track the health state of the Microsoft Defender ATP threat agents?”. A simple analogy to this would be like installing a robust alarm system in your home, but not turning on when you head out. Surely this is not a scenario we’d like to happen.
Once again, the Microsoft Defender ATP dashboard is here to the rescue.

 

pic-2.png

 

We've continuously been enriching the built-in reports with summaries and trends over time to give you the best view of where improvements to your security estate can be made. Enhancements include:

  • The health state of the main telemetry collection client now enables you to assess the state of the alarm system. But please don’t stop at fixing what is broken now! Ever wanted to get a sense of how broad infrastructure changes (like update firewall policies, replace proxies at the network edges, etc.) impact your environment? Voila – cross reference the health state trend with your infrastructure change, and now you know :smiling_face_with_smiling_eyes:
  • Alarms are important, but what if you could have prevented the event from happening all together? Antivirus status for active Windows 10 machines will provide exactly that information – a unique point of view into the Windows Defender Antivirus state now, and over time (this goes back to the broad infrastructure changes conversation we just had).
  • Closely knowing the status of your estate has a great value by itself, especially in the security defense domain. After all staying current is the number 1 advise.

 

These reports we’ve rolled out are largely driven by your feedback! So please continue to share them with us through the portal by clicking the frowny / smiley face – let us know what you like and works good for you and where we can improve and provide broader coverage to your needs.

 

Thank you!
Microsoft Defender ATP Team

1 Comment
Version history
Last update:
‎Apr 01 2019 11:52 AM
Updated by: