See how consolidated incidents improve SOC efficiency through this attack sprawl simulation
Published Jul 30 2020 03:13 PM 7,951 Views

Microsoft Threat Protection continuously and seamlessly scours endpoints, email and docs, cloud app, and identity activities for suspicious signals and uses deep correlation logic to automatically find links between related signals across domains. It connects related existing alerts and generates additional alerts for suspicious events that could otherwise be missed.


Correlated signals, alerts, and relevant entities are collected and consolidated into a single comprehensive incident representing the whole attack.


We put Microsoft Threat Protection’s incident feature to the test by simulating an end-to-end attack chain that involves various attacker techniques across multiple domains, including spear-phishing, credential theft, overpass-the-hash attack, lateral movement, and other techniques observed in actual investigations.




Learn how automatic correlations in Microsoft Threat Protection detected the initial access, lateral movement, and lateral phishing stages of the attack sprawl simulation. Read our latest blog: Inside Microsoft Threat Protection: Solving cross-domain security incidents through the power of cor...

1 Comment
Version history
Last update:
‎Jul 30 2020 03:14 PM
Updated by: