Hi,
I have a Defender ATP environment with several thousand clients in it and I have been asked to automate whatever I can for compliance and remediation.
Can anyone recommend some best practice custom detection rules you might use with Defender ATP to help build foundations on automation?
Regards
Mike