We've renamed Microsoft Cloud App Security. It's now called Microsoft Defender for Cloud Apps. In the coming weeks, we'll update the screenshots and instructions here and in related pages. For more information about the change, see this announcement. To learn more about the recent renaming of Microsoft security services, see the Microsoft Ignite Security blog.

Microsoft Cloud App Security provides security detections and alerts for malicious activities. The purpose of this guide is to provide you with general and practical information on each alert, to help with your investigation and remediation tasks. Included in this guide is general information about the conditions for triggering alerts. However, it's important to note that since anomaly detections are non-deterministic by nature, they're only triggered when there's behavior that deviates from the norm. Finally, some alerts may be in preview, so regularly review the official documentation for updated alert status.

To explain and make it easier to map the relationship between Cloud App Security alerts and the familiar MITRE ATT&CK Matrix, we've categorized the alerts by their corresponding MITRE ATT&CK tactic. This additional reference makes it easier to understand the suspected attack technique potentially in use when a Cloud App Security alert is triggered.

Following proper investigation, all Cloud App Security alerts can be classified as one of the following activity types:

This guide provides information about investigating and remediating Cloud App Security alerts in the following categories.