The new incident naming feature in Microsoft Threat Protection now lets you understand an incident's scope at a glance!
When you are looking at the incident queue and need to determine which incident to look at next, hints about the content of each incident play an important role in making this choice. Giving incidents automatic names is complex because a single incident can encompass a variety of different suspicious activities.
Our researchers have developed a state-of-the-art algorithm that automatically describes incidents with comprehensive names, leveraging the MITRE ATT&CK® categories we have for each alert. Instead of having numerical incident names like Incident 1234, you now see incident names like Multi-stage incident involving Discovery & Collection reported by multiple sources.
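As an added illustration, not Microsoft's algorithm (which the post does not describe), here is a hypothetical naming function that composes a name in the format shown above from an incident's correlated alerts, using each alert's ATT&CK category and detection source. The alert fields, the naming rules and the sample alerts are assumptions made for this example.

```python
# MITRE ATT&CK enterprise tactic order (real tactic names), used only to sort
# categories so a name reads in attack-chain order, e.g. Discovery before Collection.
TACTIC_ORDER = [
    "Reconnaissance", "Resource Development", "Initial Access", "Execution",
    "Persistence", "Privilege Escalation", "Defense Evasion", "Credential Access",
    "Discovery", "Lateral Movement", "Collection", "Command and Control",
    "Exfiltration", "Impact",
]


def _join(names):
    """Join category names as 'A', 'A & B' or 'A, B & C'."""
    if len(names) <= 2:
        return " & ".join(names)
    return ", ".join(names[:-1]) + " & " + names[-1]


def name_incident(alerts):
    """Build a descriptive incident name from its alerts.

    Each alert is a dict with an ATT&CK 'category' and a 'source' (the product
    that raised it). These rules are hypothetical, not Microsoft's algorithm.
    """
    if not alerts:
        raise ValueError("an incident needs at least one alert")
    # Distinct categories, ordered by tactic position (unknown ones sort last).
    categories = sorted(
        {a["category"] for a in alerts},
        key=lambda c: TACTIC_ORDER.index(c) if c in TACTIC_ORDER else len(TACTIC_ORDER),
    )
    sources = {a["source"] for a in alerts}
    prefix = "Multi-stage incident" if len(categories) > 1 else "Incident"
    reported = "multiple sources" if len(sources) > 1 else next(iter(sources))
    return f"{prefix} involving {_join(categories)} reported by {reported}"


# Constructed sample alerts for demonstration (not real telemetry).
SAMPLE_ALERTS = [
    {"category": "Collection", "source": "endpoint"},
    {"category": "Discovery", "source": "endpoint"},
    {"category": "Discovery", "source": "identity"},
]

if __name__ == "__main__":
    print(name_incident(SAMPLE_ALERTS))
```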
Now, analysts can quickly understand the scope of an incident right from the Microsoft Threat Protection incident queue. With the incident's name and supporting data (such as the number of endpoints affected, users affected, detection sources, categories, and more) in one view, analysts can make faster decisions based on the nature of the incident. This improvement saves analysts time and effort better spent investigating and remediating high-priority threats.
Here are some examples of incident names developed with the new algorithm:
To learn more about incidents in Microsoft Threat Protection, go to the following links: