Microsoft Tech Community

Dealing with "Email reported by user as malware or phish"

We're working through automation of our Defender 365 incidents in Sentinel to try and reduce the operational load on our team.

One of the most common incidents we receive is "Email reported by user as malware or phish". We were hoping to use the result of the automated investigation to determine whether the automated action should be approved, but I have no idea how to get the result of the automated investigation into a playbook.

Does anyone have any suggestions? How do you deal with these types of incidents?

Thanks!

1 Reply

@mongie105 @Abhishek_Agrawal @Scott Landry is there a Graph API for the result of an MDO Investigation that Sentinel can query?