New Security Alerts tutorials

Microsoft

Over the past few months, our product team worked to improve our security alerts, descriptions, evidence, and logic, to provide you with the most complete picture of your network and the easiest possible workflows and guidance.

With release 2.61, we've added extensive tutorials, recommendations, and steps for investigation and remediation of Azure ATP security alerts to our documentation.

A complete explanation of the Azure ATP security alert structure and the available information can be found in the new Understanding security alerts tutorial.

Like a typical cyber-attack kill chain, the alert tutorials are broken down by attack phase:

Reconnaissance

Compromised credential alerts

Lateral movement alerts

Domain dominance alerts

Exfiltration alerts

Within each phase, you'll find better descriptions and more information about each alert, its classification, scope of breach, recommended remediation, and steps for prevention.

We've also added explicit instructions for computer and user investigation.

The full list of alerts, their previous names and external IDs remain listed in Azure ATP security alerts.

We look forward to your feedback and hope these additional resources help you capture the full value of Azure ATP.