Become a Microsoft 365 Defender Ninja

Published Oct 19 2020 08:53 AM 54.7K Views
Microsoft

Microsoft 365 Defender, part of Microsoft’s XDR solution, leverages the Microsoft 365 security portfolio to automatically analyze threat data across domains, building a complete picture of each attack in a single dashboard. This Ninja blog covers the features and functions of Microsoft 365 Defender – everything that goes across the workloads, but not the individual workloads themselves. The content is structured into three different knowledge levels, with multiple modules: Fundamentals, Intermediate, and Expert.

 

In addition, after each level, we offer you a knowledge check based on the training material you have just finished! Since there’s a lot of content, the goal of the knowledge checks is to help ensure understanding of the key concepts that were covered. Lastly, there’ll be a fun certificate issued at the end of the training. Disclaimer: This is not an official Microsoft certification and only acts as a way of recognizing your participation in this training content.

 

I want to give kudos to my colleagues: @Sarahzin for letting me copy from her MCAS Ninja training, @DanEdwards for helping me automate the certificate distribution and @Tali Ash for helping me pull the questions together! Thank you!

 

We will keep updating this training on a regular basis and highlight new resources.

 

If you already did the training, you can focus on the latest updates (January update)

 

Table of Contents

Security Operations Fundamentals

Module 1. Technical overview

Module 2. Getting started

Module 3. Investigation – Incident

Module 4. Advanced hunting

Module 5. Self-healing

Module 6. Community (blogs, webinars, GitHub)

 

Security Operations Intermediate

Module 1. Architecture

Module 2. Investigation

Module 3. Advanced hunting

Module 4. Automated investigation and remediation

Module 6. Self-healing

Module 5. Build your own lab

Module 7. Reporting

 

Security Operations Expert

Module 1. Incidents

Module 2. Advanced hunting

Module 3. APIs, custom reports, SIEM & other integrations

 

Legend:

Product videos

Webcast recordings

Tech Community

Docs on Microsoft

Blogs on Microsoft

GitHub

⤴ External

Interactive guides

 

 

Security Operations Fundamentals

Module 1. Technical overview

Module 2. Getting started

Module 3. Investigation – Incident

Module 4. Advanced hunting

Module 5. Self-healing

Module 6. Community (blogs, webinars, GitHub)

 

> Ready for the Fundamentals Knowledge Check

 

Security Operations Intermediate

Module 1.  Architecture

Module 2. Investigation

Module 3. Advanced hunting

Module 4. Automated investigation and remediation

Module 6. Self-healing

Module 5. Build your own lab

Module 7. Reporting

 

> Ready for the Intermediate Knowledge Check

 

Security Operations Expert

Module 1. Incidents

Module 2. Advanced hunting

Module 3. APIs, custom reports, SIEM & other integrations

 

> Ready for the Expert Knowledge Check

 

Once you’ve finished the training and the knowledge checks, please click here to request your certificate (you'll see it in your inbox within 3-5 business days).

24 Comments
Valued Contributor

Thank you for sharing. For the top part where there are Modules, when you click on a link it will open a new tab. If possible, please make it navigate inside this page (instead of opening a new tab), while for other links opening a new tab is fine because it is a new website.

Microsoft

@Reza_Ameri-Archived  weird, it should open in the same page. Thanks for the info, I will check again

Trusted Contributor

Thanks! And @Reza_Ameri-Archived it opens in the same page for me.

Microsoft

@Kam & @Reza_Ameri-Archived  I just fixed it quickly :) Thanks again!! 

Valued Contributor

@Heike Ritter 

Please consider adding this content to the Microsoft Learn platform too.

Microsoft

Great work @Heike Ritter !

Occasional Contributor

I cannot wait to go through the security modules. Awesome job!

Microsoft

Hi Heike,
great Learning Stuff for my customers and an excellent detailed overview!!
thanks

Contributor

Awesome post. Put it on my ToDo learn list.

Thanks for this great post @Heike Ritter !

Frequent Visitor

Great resource!  Thanks for sharing.

New Contributor

Thanks @Heike Ritter for sharing your knowledge with us. Great stuff and well-detailed.:smile:

Honored Contributor

Great blog post, lots of useful information, bookmarking this page for future reference :)

Occasional Visitor

Great resource!  Thanks for sharing too.:clapping_hands:

New Contributor

awesome resources @Heike Ritter 

Microsoft

I am a new starter and this is great! 

Senior Member

Very interesting and useful.
Thank you @Heike Ritter

Regular Visitor

Thanks for the training, I have successfully passed the evaluation, I share my certificate: DM365 Defender.PNG

Microsoft

Very good. Thank you

Completed, I'm a Ninja in Microsoft 365 Defender.

Occasional Visitor

Hi,

Do we have an estimation of the time requested to complete this training ?

Thanks in advance

Regular Visitor

I found this wonderful learning content on MSLearn SC-200 Microsoft Defender for Endpoints. I understood the features of Microsoft Defender. I'll recommend this Ninja contents to my colleagues. Thanks,

Occasional Contributor

Thanks for providing this great ninja training resource @Heike Ritter 

 

The last section "Security Operations Expert" provides links to the same documentation for "Prioritize incidents", "Manage incidents" and "Report false positives/negatives" that is already covered in the "Security Operations Intermediate" section (see screenshot below).

I am not sure if this was intentional but I guess it doesn't hurt to read about it twice :D

 

ms-defender-ninja.jpg

Occasional Visitor

There are some overlapping materials along the learning journey.

inline%22%20image-alt%3D%22blogs.png%22%20style%3D%22width%3A%2019px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205062i0E592B86DF2C2CCF%2Fimage-dimensions%2F19x19%3Fv%3D1.0%22%20width%3D%2219%22%20height%3D%2219%22%20role%3D%22button%22%20title%3D%22blogs.png%22%20alt%3D%22blogs.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fmicrosoft-threat-protection%2Fsee-how-consolidated-incidents-improve-soc-efficiency-through%2Fba-p%2F1557341%22%20target%3D%22_blank%22%3ESee%20how%20consolidated%20incidents%20improve%20SOC%20efficiency%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fmslearn.cloudguides.com%2Fen-us%2Fguides%2FProtect%2520your%2520organization%2520with%2520Microsoft%2520Threat%2520Protection%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noreferrer%22%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22InteractiveGuides.png%22%20style%3D%22width%3A%2018px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205067iF93A500E533F67FB%2Fimage-dimensions%2F18x18%3Fv%3D1.0%22%20width%3D%2218%22%20height%3D%2218%22%20role%3D%22button%22%20title%3D%22InteractiveGuides.png%22%20alt%3D%22InteractiveGuides.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3BProtect%20your%20organization%20with%20Microsoft%20365%20Defender%3C%2FA%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CH3%20id%3D%22toc-hId--1673181727%22%20id%3D%22toc-hId--1673181727%22%20id%3D%22toc-hId--1673181727%22%20id%3D%22toc-hId--1673181727%22%20id%3D%22toc-hId--1673181727%22%20id%3D%22toc-hId--1673181727%22%20id%3D%22toc-hId--1673181727%22%20id%3D%22toc-hId--1673181727%22%20id%3D%22toc-hId--1673181727%22%20id%3D%22toc-hId--1673181727%22%20id%3D%22toc-hId--1673181727%22%20id%3D%22toc-hId--1673181727%22%20id%3D%22toc-hId--1673181727%22%20id%3D%22toc-hId--1673181727%22%20id%3D%22toc-hId--1673
181727%22%20id%3D%22toc-hId--1673181727%22%20id%3D%22toc-hId--1673181727%22%20id%3D%22toc-hId--1673181727%22%20id%3D%22toc-hId--1673181727%22%20id%3D%22toc-hId--1673181727%22%20id%3D%22toc-hId--1673181727%22%20id%3D%22toc-hId--1673181727%22%20id%3D%22toc-hId--1673181727%22%20id%3D%22toc-hId--1673033672%22%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc53749325%22%3E%3C%2FA%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc53749484%22%3E%3C%2FA%3EModule%204.%20Advanced%20hunting%3C%2FH3%3E%0A%3CUL%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22vid.png%22%20style%3D%22width%3A%2017px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205057i34B332A44C6F17B2%2Fimage-dimensions%2F17x18%3Fv%3D1.0%22%20width%3D%2217%22%20height%3D%2218%22%20role%3D%22button%22%20title%3D%22vid.png%22%20alt%3D%22vid.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fvideoplayer%2Fembed%2FRE4Bp7O%3Frel%3D0%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EQuick%20overview%20%26amp%3B%20a%20short%20tutorial%20that%20will%20get%20you%20started%20fast%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22docs.png%22%20style%3D%22width%3A%2017px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205061iC265623042FF4E62%2Fimage-dimensions%2F17x18%3Fv%3D1.0%22%20width%3D%2217%22%20height%3D%2218%22%20role%3D%22button%22%20title%3D%22docs.png%22%20alt%3D%22docs.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Fmtp%2Fadvanced-hunting-query-language%3Fview%3Do365-worldwide%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3ELearn%20the%20query%20language%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20class%3D%22li
a-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22docs.png%22%20style%3D%22width%3A%2017px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205061iC265623042FF4E62%2Fimage-dimensions%2F17x18%3Fv%3D1.0%22%20width%3D%2217%22%20height%3D%2218%22%20role%3D%22button%22%20title%3D%22docs.png%22%20alt%3D%22docs.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Fmtp%2Fadvanced-hunting-schema-tables%3Fview%3Do365-worldwide%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EUnderstand%20the%20schema%3C%2FA%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CH3%20id%3D%22toc-hId-814331106%22%20id%3D%22toc-hId-814331106%22%20id%3D%22toc-hId-814331106%22%20id%3D%22toc-hId-814331106%22%20id%3D%22toc-hId-814331106%22%20id%3D%22toc-hId-814331106%22%20id%3D%22toc-hId-814331106%22%20id%3D%22toc-hId-814331106%22%20id%3D%22toc-hId-814331106%22%20id%3D%22toc-hId-814331106%22%20id%3D%22toc-hId-814331106%22%20id%3D%22toc-hId-814331106%22%20id%3D%22toc-hId-814331106%22%20id%3D%22toc-hId-814331106%22%20id%3D%22toc-hId-814331106%22%20id%3D%22toc-hId-814331106%22%20id%3D%22toc-hId-814331106%22%20id%3D%22toc-hId-814331106%22%20id%3D%22toc-hId-814331106%22%20id%3D%22toc-hId-814331106%22%20id%3D%22toc-hId-814331106%22%20id%3D%22toc-hId-814331106%22%20id%3D%22toc-hId-814331106%22%20id%3D%22toc-hId-814479161%22%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc53749326%22%3E%3C%2FA%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc53749485%22%3E%3C%2FA%3EModule%205.%20Self-healing%3C%2FH3%3E%0A%3CUL%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22vid.png%22%20style%3D%22width%3A%2017px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205057i34B332A44C6F17B2%2Fimage-dimensions%2F17x18%3Fv%3D1.0%22%20width%3D%2217%22%20height%3D%2218%2
2%20role%3D%22button%22%20title%3D%22vid.png%22%20alt%3D%22vid.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fvideoplayer%2Fembed%2FRE4BzwB%3Frel%3D0%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EHow%20automation%20works%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22docs.png%22%20style%3D%22width%3A%2017px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205061iC265623042FF4E62%2Fimage-dimensions%2F17x18%3Fv%3D1.0%22%20width%3D%2217%22%20height%3D%2218%22%20role%3D%22button%22%20title%3D%22docs.png%22%20alt%3D%22docs.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Fmtp%2Fmtp-autoir%3Fview%3Do365-worldwide%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3ELearn%20about%20the%20various%20AIR%20capabilities%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22blogs.png%22%20style%3D%22width%3A%2019px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205062i0E592B86DF2C2CCF%2Fimage-dimensions%2F19x19%3Fv%3D1.0%22%20width%3D%2219%22%20height%3D%2219%22%20role%3D%22button%22%20title%3D%22blogs.png%22%20alt%3D%22blogs.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fmicrosoft-threat-protection%2Fthe-action-center-in-microsoft-threat-protection-your-one-stop%2Fba-p%2F1550178%22%20target%3D%22_blank%22%3EThe%20action%20center%3C%2FA%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CH3%20id%3D%22toc-hId--993123357%22%20id%3D%22toc-hId--993123357%22%20id%3D%22toc-hId--993123357%22%20id%3D%22toc-hId--993123357%22%20id%3D%22toc-hId--993123357%22%20id%3D%22toc-hId--993123357%22%20id%3D%22toc-hId--993123357%22%20id%
3D%22toc-hId--993123357%22%20id%3D%22toc-hId--993123357%22%20id%3D%22toc-hId--993123357%22%20id%3D%22toc-hId--993123357%22%20id%3D%22toc-hId--993123357%22%20id%3D%22toc-hId--993123357%22%20id%3D%22toc-hId--993123357%22%20id%3D%22toc-hId--993123357%22%20id%3D%22toc-hId--993123357%22%20id%3D%22toc-hId--993123357%22%20id%3D%22toc-hId--993123357%22%20id%3D%22toc-hId--993123357%22%20id%3D%22toc-hId--993123357%22%20id%3D%22toc-hId--993123357%22%20id%3D%22toc-hId--993123357%22%20id%3D%22toc-hId--993123357%22%20id%3D%22toc-hId--992975302%22%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc45281229%22%3E%3C%2FA%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc53749346%22%3E%3C%2FA%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc53749505%22%3E%3C%2FA%3EModule%206.%20Community%20(blogs%2C%20webinars%2C%20GitHub)%3C%2FH3%3E%0A%3CUL%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22blogs.png%22%20style%3D%22width%3A%2019px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205062i0E592B86DF2C2CCF%2Fimage-dimensions%2F19x19%3Fv%3D1.0%22%20width%3D%2219%22%20height%3D%2219%22%20role%3D%22button%22%20title%3D%22blogs.png%22%20alt%3D%22blogs.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fmicrosoft-threat-protection%2Fbg-p%2FMicrosoftThreatProtectionBlog%22%20target%3D%22_blank%22%3EMicrosoft%20Threat%20Protection%20Blog%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22TechCommunity.png%22%20style%3D%22width%3A%2017px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205059iE2A42D8A7F13D7BC%2Fimage-dimensions%2F17x19%3Fv%3D1.0%22%20width%3D%2217%22%20height%3D%2219%22%20role%3D%22button%22%20title%3D%22TechCommunity.png%22%20alt%3D%22TechCommunity.png%22%20%2F%3E%3C%2FSPAN%3E%26nbs
p%3B%3CA%20href%3D%22https%3A%2F%2Faka.ms%2Fmtptc%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3ETech%20Community%3C%2FA%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CFONT%20size%3D%224%22%3E%3CSTRONG%3E%3Abackhand_index_pointing_right%3A%20Ready%20for%20the%20%3CA%20href%3D%22https%3A%2F%2Fforms.office.com%2Fr%2FFM3Phjteth%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EFundamentals%26nbsp%3BKnowledge%20Check%3C%2FA%3E%3F%26nbsp%3B%3C%2FSTRONG%3E%3C%2FFONT%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH2%20id%3D%22toc-hId--1003626461%22%20id%3D%22toc-hId--1003626461%22%20id%3D%22toc-hId--1003626461%22%20id%3D%22toc-hId--1003626461%22%20id%3D%22toc-hId--1003626461%22%20id%3D%22toc-hId--1003626461%22%20id%3D%22toc-hId--1003626461%22%20id%3D%22toc-hId--1003626461%22%20id%3D%22toc-hId--1003626461%22%20id%3D%22toc-hId--1003626461%22%20id%3D%22toc-hId--1003626461%22%20id%3D%22toc-hId--1003626461%22%20id%3D%22toc-hId--1003626461%22%20id%3D%22toc-hId--1003626461%22%20id%3D%22toc-hId--1003626461%22%20id%3D%22toc-hId--1003626461%22%20id%3D%22toc-hId--1003626461%22%20id%3D%22toc-hId--1003626461%22%20id%3D%22toc-hId--1003626461%22%20id%3D%22toc-hId--1003626461%22%20id%3D%22toc-hId--1003626461%22%20id%3D%22toc-hId--1003626461%22%20id%3D%22toc-hId--1003626461%22%20id%3D%22toc-hId--1003478406%22%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc45281212%22%3E%3C%2FA%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc53749327%22%3E%3C%2FA%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc53749486%22%3E%3C%2FA%3E%3CSPAN%3ESecurity%20Operations%20Intermediate%3C%2FSPAN%3E%3C%2FH2%3E%0A%3CH3%20id%3D%22toc-hId--313064987%22%20id%3D%22toc-hId--313064987%22%20id%3D%22toc-hId--313064987%22%20id%3D%22toc-hId--313064987%22%20id%3D%22toc-hId--313064987%22%20id%3D%22toc-hId--313064987%22%20id%3D%22toc-hId--313064987%22%20id%3D%22toc-hId--313064987%22%20id%3D%22toc-hId--313064987%22%20id%3D%22toc-hId--313064987%22%20id%3D%22toc-hId--313064987
%22%20id%3D%22toc-hId--313064987%22%20id%3D%22toc-hId--313064987%22%20id%3D%22toc-hId--313064987%22%20id%3D%22toc-hId--313064987%22%20id%3D%22toc-hId--313064987%22%20id%3D%22toc-hId--313064987%22%20id%3D%22toc-hId--313064987%22%20id%3D%22toc-hId--313064987%22%20id%3D%22toc-hId--313064987%22%20id%3D%22toc-hId--313064987%22%20id%3D%22toc-hId--313064987%22%20id%3D%22toc-hId--313064987%22%20id%3D%22toc-hId--312916932%22%3EModule%201.%26nbsp%3B%26nbsp%3B%3CA%20target%3D%22_blank%22%20name%3D%22_Toc45281213%22%3E%3C%2FA%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc53749328%22%3E%3C%2FA%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc53749487%22%3E%3C%2FA%3EArchitecture%3C%2FH3%3E%0A%3CUL%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22docs.png%22%20style%3D%22width%3A%2017px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205061iC265623042FF4E62%2Fimage-dimensions%2F17x18%3Fv%3D1.0%22%20width%3D%2217%22%20height%3D%2218%22%20role%3D%22button%22%20title%3D%22docs.png%22%20alt%3D%22docs.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Fmtp%2Fdata-privacy%3Fview%3Do365-worldwide%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EMicrosoft%20Threat%20Protection%20data%20security%20and%20privacy%3C%2FA%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CH3%20id%3D%22toc-hId--2120519450%22%20id%3D%22toc-hId--2120519450%22%20id%3D%22toc-hId--2120519450%22%20id%3D%22toc-hId--2120519450%22%20id%3D%22toc-hId--2120519450%22%20id%3D%22toc-hId--2120519450%22%20id%3D%22toc-hId--2120519450%22%20id%3D%22toc-hId--2120519450%22%20id%3D%22toc-hId--2120519450%22%20id%3D%22toc-hId--2120519450%22%20id%3D%22toc-hId--2120519450%22%20id%3D%22toc-hId--2120519450%22%20id%3D%22toc-hId--2120519450%22%20id%3D%22toc-hId--2120519450%22%20id%3D%22toc-hId--2120519450%22%20id%3D%22toc-hId--2120519450%22%20id%3D%22to
c-hId--2120519450%22%20id%3D%22toc-hId--2120519450%22%20id%3D%22toc-hId--2120519450%22%20id%3D%22toc-hId--2120519450%22%20id%3D%22toc-hId--2120519450%22%20id%3D%22toc-hId--2120519450%22%20id%3D%22toc-hId--2120519450%22%20id%3D%22toc-hId--2120371395%22%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc45281216%22%3E%3C%2FA%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc53749329%22%3E%3C%2FA%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc53749488%22%3E%3C%2FA%3EModule%202.%20Investigation%3C%2FH3%3E%0A%3CUL%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22blogs.png%22%20style%3D%22width%3A%2019px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205062i0E592B86DF2C2CCF%2Fimage-dimensions%2F19x19%3Fv%3D1.0%22%20width%3D%2219%22%20height%3D%2219%22%20role%3D%22button%22%20title%3D%22blogs.png%22%20alt%3D%22blogs.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fwww.microsoft.com%2Fsecurity%2Fblog%2F2020%2F07%2F09%2Finside-microsoft-threat-protection-correlating-and-consolidating-attacks-into-incidents%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3ECorrelating%20and%20consolidating%20attacks%20into%20incidents%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22docs.png%22%20style%3D%22width%3A%2017px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205061iC265623042FF4E62%2Fimage-dimensions%2F17x18%3Fv%3D1.0%22%20width%3D%2217%22%20height%3D%2218%22%20role%3D%22button%22%20title%3D%22docs.png%22%20alt%3D%22docs.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Fmtp%2Finvestigate-incidents%3Fview%3Do365-worldwide%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EInvestigate%20incidents%3C%2FA%3E%
3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22blogs.png%22%20style%3D%22width%3A%2019px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205062i0E592B86DF2C2CCF%2Fimage-dimensions%2F19x19%3Fv%3D1.0%22%20width%3D%2219%22%20height%3D%2219%22%20role%3D%22button%22%20title%3D%22blogs.png%22%20alt%3D%22blogs.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fwww.microsoft.com%2Fsecurity%2Fblog%2F2020%2F06%2F18%2Finside-microsoft-threat-protection-mapping-attack-chains-from-cloud-to-endpoint%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EMapping%20attack%20chains%20from%20cloud%20to%20endpoint%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22docs.png%22%20style%3D%22width%3A%2017px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205061iC265623042FF4E62%2Fimage-dimensions%2F17x18%3Fv%3D1.0%22%20width%3D%2217%22%20height%3D%2218%22%20role%3D%22button%22%20title%3D%22docs.png%22%20alt%3D%22docs.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Fmtp%2Fincident-queue%3Fview%3Do365-worldwide%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EPrioritize%20incidents%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22docs.png%22%20style%3D%22width%3A%2017px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205061iC265623042FF4E62%2Fimage-dimensions%2F17x18%3Fv%3D1.0%22%20width%3D%2217%22%20height%3D%2218%22%20role%3D%22button%22%20title%3D%22docs.png%22%20alt%3D%22docs.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%
2Fen-us%2Fmicrosoft-365%2Fsecurity%2Fmtp%2Fmanage-incidents%3Fview%3Do365-worldwide%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EManage%20incidents%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22blogs.png%22%20style%3D%22width%3A%2019px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205062i0E592B86DF2C2CCF%2Fimage-dimensions%2F19x19%3Fv%3D1.0%22%20width%3D%2219%22%20height%3D%2219%22%20role%3D%22button%22%20title%3D%22blogs.png%22%20alt%3D%22blogs.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fmicrosoft-365-defender%2Fmicrosoft-defender-for-office-365-investigation-improvements%2Fba-p%2F1947236%22%20target%3D%22_blank%22%3EInvestigation%20improvements%20for%20Microsoft%20Defender%20for%20Office%20365%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22docs.png%22%20style%3D%22width%3A%2017px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205061iC265623042FF4E62%2Fimage-dimensions%2F17x18%3Fv%3D1.0%22%20width%3D%2217%22%20height%3D%2218%22%20role%3D%22button%22%20title%3D%22docs.png%22%20alt%3D%22docs.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Fmtp%2Fmtp-autoir-report-false-positives-negatives%3Fview%3Do365-worldwide%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EReport%20false%20positives%2Fnegatives%3C%2FA%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CH3%20id%3D%22toc-hId--328170096%22%20id%3D%22toc-hId--328170096%22%20id%3D%22toc-hId--328170096%22%20id%3D%22toc-hId--328170096%22%20id%3D%22toc-hId--328170096%22%20id%3D%22toc-hId--328170096%22%20id%3D%22toc-hId--328170096%22%20id%3D%22toc-hId--328170096%22%20id%3D%22toc-hId--32817
0096%22%20id%3D%22toc-hId--328170096%22%20id%3D%22toc-hId--328170096%22%20id%3D%22toc-hId--328170096%22%20id%3D%22toc-hId--328170096%22%20id%3D%22toc-hId--328170096%22%20id%3D%22toc-hId--328170096%22%20id%3D%22toc-hId--328170096%22%20id%3D%22toc-hId--328170096%22%20id%3D%22toc-hId--328170096%22%20id%3D%22toc-hId--328170096%22%20id%3D%22toc-hId--328170096%22%20id%3D%22toc-hId--328170096%22%20id%3D%22toc-hId--328170096%22%20id%3D%22toc-hId--328170096%22%20id%3D%22toc-hId--328022041%22%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc53749337%22%3E%3C%2FA%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc53749496%22%3E%3C%2FA%3EModule%203.%20Advanced%20hunting%3C%2FH3%3E%0A%3CUL%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22blogs.png%22%20style%3D%22width%3A%2019px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205062i0E592B86DF2C2CCF%2Fimage-dimensions%2F19x19%3Fv%3D1.0%22%20width%3D%2219%22%20height%3D%2219%22%20role%3D%22button%22%20title%3D%22blogs.png%22%20alt%3D%22blogs.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fmicrosoft-threat-protection%2Fmicrosoft-threat-protection-advanced-hunting-cheat-sheet%2Fba-p%2F1505100%22%20target%3D%22_blank%22%3EAdvanced%20hunting%20cheat%20sheet%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22webcast.png%22%20style%3D%22width%3A%2017px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205058iFD24F42AC1504A48%2Fimage-dimensions%2F17x18%3Fv%3D1.0%22%20width%3D%2217%22%20height%3D%2218%22%20role%3D%22button%22%20title%3D%22webcast.png%22%20alt%3D%22webcast.png%22%20%2F%3E%3C%2FSPAN%3E%20Webinar%20series%2C%20episode%201%3A%20KQL%20fundamentals%20(%3CA%20href%3D%22https%3A%2F%2Faka.ms%2FMTP15JUL20_MP4%22%20target%3D%22_b
lank%22%20rel%3D%22noopener%20noreferrer%22%3EMP4%3C%2FA%3E%2C%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fyoutu.be%2F0D9TkGjeJwM%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noreferrer%22%3EYouTube%3C%2FA%3E)%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22docs.png%22%20style%3D%22width%3A%2017px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205061iC265623042FF4E62%2Fimage-dimensions%2F17x18%3Fv%3D1.0%22%20width%3D%2217%22%20height%3D%2218%22%20role%3D%22button%22%20title%3D%22docs.png%22%20alt%3D%22docs.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Fmtp%2Fadvanced-hunting-best-practices%3Fview%3Do365-worldwide%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EAdvanced%20hunting%20query%20best%20practices%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22blogs.png%22%20style%3D%22width%3A%2019px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205062i0E592B86DF2C2CCF%2Fimage-dimensions%2F19x19%3Fv%3D1.0%22%20width%3D%2219%22%20height%3D%2219%22%20role%3D%22button%22%20title%3D%22blogs.png%22%20alt%3D%22blogs.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fmicrosoft-365-defender%2Fhunt-across-cloud-app-activities-with-microsoft-365-defender%2Fba-p%2F1893857%22%20target%3D%22_blank%22%3EHunt%20across%20cloud%20app%20activities%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22blogs.png%22%20style%3D%22width%3A%2019px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205062i0E592B86DF2C2CCF%2Fimage-dimensions%2
F19x19%3Fv%3D1.0%22%20width%3D%2219%22%20height%3D%2219%22%20role%3D%22button%22%20title%3D%22blogs.png%22%20alt%3D%22blogs.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fmicrosoft-365-defender%2Fadditional-email-data-in-advanced-hunting%2Fba-p%2F1985849%22%20target%3D%22_blank%22%3EUse%20additional%20email%20data%20in%20your%20hunting%20queries%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22blogs.png%22%20style%3D%22width%3A%2019px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205062i0E592B86DF2C2CCF%2Fimage-dimensions%2F19x19%3Fv%3D1.0%22%20width%3D%2219%22%20height%3D%2219%22%20role%3D%22button%22%20title%3D%22blogs.png%22%20alt%3D%22blogs.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fmicrosoft-365-defender%2Fazure-active-directory-audit-logs-now-available-in-advanced%2Fba-p%2F1999523%22%20target%3D%22_blank%22%3EUse%20Azure%20Active%20Directory%20audit%20log%20data%20in%20advanced%20hunting%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22blogs.png%22%20style%3D%22width%3A%2019px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205062i0E592B86DF2C2CCF%2Fimage-dimensions%2F19x19%3Fv%3D1.0%22%20width%3D%2219%22%20height%3D%2219%22%20role%3D%22button%22%20title%3D%22blogs.png%22%20alt%3D%22blogs.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fmicrosoft-365-defender%2Fhunt-for-azure-active-directory-sign-in-events%2Fba-p%2F2040278%22%20target%3D%22_blank%22%3EHunt%20for%20Azure%20Active%20Directory%20sign-in%20events%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fgithub.com%2Fmicrosoft%2FMicrosoft-365-Defe
nder-Hunting-Queries%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22GitHub.png%22%20style%3D%22width%3A%2018px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F205065i083675CF15D6F1EF%2Fimage-dimensions%2F18x18%3Fv%3D1.0%22%20width%3D%2218%22%20height%3D%2218%22%20role%3D%22button%22%20title%3D%22GitHub.png%22%20alt%3D%22GitHub.png%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3BAdvanced%20hunting%20queries%20on%20GitHub%3C%2FA%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CH3%20id%3D%22toc-hId--2135624559%22%20id%3D%22toc-hId--2135624559%22%20id%3D%22toc-hId--2135624559%22%20id%3D%22toc-hId--2135624559%22%20id%3D%22toc-hId--2135624559%22%20id%3D%22toc-hId--2135624559%22%20id%3D%22toc-hId--2135624559%22%20id%3D%22toc-hId--2135624559%22%20id%3D%22toc-hId--2135624559%22%20id%3D%22toc-hId--2135624559%22%20id%3D%22toc-hId--2135624559%22%20id%3D%22toc-hId--2135624559%22%20id%3D%22toc-hId--2135624559%22%20id%3D%22toc-hId--2135624559%22%20id%3D%22toc-hId--2135624559%22%20id%3D%22toc-hId--2135624559%22%20id%3D%22toc-hId--2135624559%22%20id%3D%22toc-hId--2135624559%22%20id%3D%22toc-hId--2135624559%22%20id%3D%22toc-hId--2135624559%22%20id%3D%22toc-hId--2135624559%22%20id%3D%22toc-hId--2135624559%22%20id%3D%22toc-hId--2135624559%22%20id%3D%22toc-hId--2135476504%22%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc45281217%22%3E%3C%2FA%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc53749338%22%3E%3C%2FA%3E%3CA%20target%3D%22_blank%22%20name%3D%22_Toc53749497%22%3E%3C%2FA%3EModule%204.%20Automated%20investigation%20and%20remediation%3C%2FH3%3E%0A%3CUL%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Fmtp%2Fmtp-remediation-actions%3Fview%3Do365-worldwide%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-
Last update: Mar 08 2021 09:44 AM