
 Important

The improved Microsoft 365 Defender portal is now available. This new experience brings Defender for Endpoint, Defender for Office 365, Microsoft 365 Defender, and more into the Microsoft 365 Defender portal. Learn what’s new.

Applies to:

  • Microsoft 365 Defender

The National Institute of Standards and Technology (NIST) recommends that, once all steps have been taken to recover from the attack, organizations review the incident to learn from it and improve their security posture or processes. Assessing the different aspects of incident handling is important in preparing for the next incident.

Microsoft 365 Defender can help with post-incident activities by providing an organization with alerts that align with the MITRE ATT&CK framework. All Microsoft Defender solutions label attacks in accordance with an ATT&CK tactic or technique.

By mapping alerts to this industry framework, you can:

  • Conduct an analysis of gaps in security coverage.
  • Determine adversary and campaign attribution.
  • Perform trend analysis.
  • Identify skill gaps in attack method awareness.
  • Create a Power Automate Playbook for faster remediation.

Post-incident review activity can also result in fine-tuning your security configuration and security team’s processes, enhancing your organization’s response capabilities.
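The gap and trend analysis listed above can be sketched over a set of tactic-labelled alerts. This is an added example, not Microsoft code; the alert records are constructed and the field names (`created`, `tactic`, `title`) are assumptions, not a Microsoft 365 Defender export schema.

```python
from collections import Counter, defaultdict

# The 14 MITRE ATT&CK Enterprise tactics, in matrix order.
ATTACK_TACTICS = [
    "Reconnaissance", "Resource Development", "Initial Access", "Execution",
    "Persistence", "Privilege Escalation", "Defense Evasion", "Credential Access",
    "Discovery", "Lateral Movement", "Collection", "Command and Control",
    "Exfiltration", "Impact",
]

# Constructed sample alerts. The field names ("created", "tactic", "title")
# are assumptions for this example, not a Microsoft 365 Defender schema.
SAMPLE_ALERTS = [
    {"created": "2021-03-02", "tactic": "Initial Access", "title": "Phishing link clicked"},
    {"created": "2021-03-02", "tactic": "Execution", "title": "Suspicious script"},
    {"created": "2021-03-09", "tactic": "Credential Access", "title": "Credential dumping"},
    {"created": "2021-04-11", "tactic": "Initial Access", "title": "Malicious attachment"},
    {"created": "2021-04-12", "tactic": "Initial Access", "title": "Phishing link clicked"},
    {"created": "2021-04-15", "tactic": "lateral movement", "title": "Remote service creation"},
    {"created": "2021-04-20", "tactic": "", "title": "Unmapped custom detection"},
]

def normalize(tactic):
    """Map a free-text label onto a canonical tactic name, or None."""
    wanted = " ".join(tactic.lower().split())
    return next((t for t in ATTACK_TACTICS if t.lower() == wanted), None)

def coverage_gaps(alerts):
    """Tactics that produced no alert at all in the review period."""
    seen = {normalize(a["tactic"]) for a in alerts}
    return [t for t in ATTACK_TACTICS if t not in seen]

def unmapped(alerts):
    """Titles of alerts whose label is missing or not an ATT&CK tactic."""
    return [a["title"] for a in alerts if normalize(a["tactic"]) is None]

def monthly_trend(alerts):
    """Alert counts per tactic per calendar month (YYYY-MM)."""
    trend = defaultdict(Counter)
    for a in alerts:
        tactic = normalize(a["tactic"])
        if tactic:
            trend[a["created"][:7]][tactic] += 1
    return {month: dict(counts) for month, counts in sorted(trend.items())}

if __name__ == "__main__":
    print("No alerts for:", coverage_gaps(SAMPLE_ALERTS))
    print("Unmapped alerts:", unmapped(SAMPLE_ALERTS))
    print("Trend:", monthly_trend(SAMPLE_ALERTS))
```

A tactic with no alerts can mean either missing detection coverage or no adversary activity in the period, so each gap needs to be checked against the detections actually deployed before it is treated as a finding.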

Example of the other actions that can be taken on email messages.

Source: Official Microsoft Brand
Edited by: BEST Antivirus KBS Team
