|
Export button for incidents queue. You can now export your incidents queue to a CSV file in one click - look for the export button on top of the incident queue. |
|
Improved incident email notification is now available for Public Preview. This new capability helps you tune and configure the email notifications you receive for different alert sources and severities.
- Choose to receive email notifications only for specific service sources
You can easily select specific service sources that you want to get email notifications for.
- Get more granularity with specific detection sources
If you prefer to get updates only for a specific detection source, this is now an option!
- Set the severity per detection or service source
You can choose to get email notifications only on specific severities per source. For example, you can get notified for Medium and High alerts for EDR and all severities for Microsoft Defender Experts for Hunting.
|
|
Evidence tab now has new URL and IP side panels. While handling an incident and investigating the related evidence, you can now see more information on the URL and IP right from the evidence page, and pivot to the URL and IP pages in a click. |
|
Help resources are available from threat analytics and advanced hunting pages. Look for the new links to get help from the advanced hunting and threat analytics pages, which will help you ask the community and get the right guidance to take the next steps. |
|
Joining tables in KQL. This video demonstrates joining tables by using Kusto Query Language. |
|
New URL & domain pages in Microsoft 365 Defender. Want to easily investigate, take actions and pivot on URLs and domains? The new URL & domain pages will make it easier than ever. |
|
The power of incidents in Microsoft 365 Defender. We added new features that will further streamline your investigation. Check them out. |
|
Optimizing KQL. This video demonstrates ways you can optimize Kusto Query Language.
|