The new incident graph helps you quickly understand and visualize the full timeline and related entities of an attack by connecting the different suspicious entities with their related assets such as users, devices, mailboxes and applications. The graph presents a holistic view of how an attack spread through an environment over time, where it started and how far the attacker went.
To easily investigate the incident and to help get you oriented, you can select specific alerts for which you want to highlight relevant entities.
You can drill down to each alert directly from the graph as well as open the entity side pane.
This will allow you to review the entity details and take remediation actions, such as deleting a file or isolating a device.
You can now review, investigate and remediate attacks while seeing the full story of the attack right away and understanding how the entities are connected to each other.
The incident graph in Microsoft 365 Defender is available from the new Graph tab of an incident.