Incident response playbooks
You need to respond quickly to a security attack to contain it and limit the damage. When a new widespread cyberattack occurs, Microsoft publishes detailed incident response guidance through various communication channels, primarily the Microsoft Security Blog.
The following content is Microsoft best practice information provided by Microsoft Incident Response. This team provides fast, flexible services that remove a bad actor from your environment, build resilience against future attacks, and help repair your defenses after a breach.
Review the following incident response playbooks to understand how to detect and contain these different types of attacks:
Each playbook includes:
- Prerequisites: The specific requirements you need to complete before starting the investigation, for example the logging that must already be turned on and the roles and permissions the investigator needs.
- Workflow: The logical flow you should follow to perform the investigation.
- Checklist: A list of tasks for each step in the workflow. This checklist is useful in highly regulated environments to verify and document what you have done.
- Investigation steps: Detailed step-by-step guidance for the specific investigation.
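The prerequisites item above is the one most often skipped: an investigator opens a playbook, runs its audit-log queries, gets nothing back, and only then discovers that ingestion was never enabled or that the account lacks the audit role. The script below is an added example written for this page; it is not part of any Microsoft playbook. It assumes the investigation targets a Microsoft 365 tenant, that the ExchangeOnlineManagement module is installed, and that the "View-Only Audit Logs" role is the minimum needed to search the unified audit log; the 24-hour sample window is a constructed placeholder to be replaced with the incident timeline.

```powershell
# Added example: pre-investigation prerequisite check for a playbook that relies on the
# Microsoft 365 unified audit log. Not from the page or from Microsoft Incident Response.
# Assumptions: ExchangeOnlineManagement module installed; the signed-in account can run
# Get-AdminAuditLogConfig and Get-ManagementRoleAssignment; "View-Only Audit Logs" is the
# minimum role for Search-UnifiedAuditLog.

Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -ShowBanner:$false

$failures = [System.Collections.Generic.List[string]]::new()

# Prerequisite 1: the unified audit log must be ingesting, otherwise every
# Search-UnifiedAuditLog call in the investigation steps returns an empty result.
$auditConfig = Get-AdminAuditLogConfig
if (-not $auditConfig.UnifiedAuditLogIngestionEnabled) {
    $failures.Add("Unified audit log ingestion is disabled. Enable it with " +
                  "'Set-AdminAuditLogConfig -UnifiedAuditLogIngestionEnabled `$true' " +
                  "and wait for records to populate before starting the playbook.")
}

# Prerequisite 2: audit data actually exists for the window you intend to investigate.
# Constructed sample window (last 24 hours); replace with the incident's first-seen time.
$end   = Get-Date
$start = $end.AddHours(-24)
$sample = Search-UnifiedAuditLog -StartDate $start -EndDate $end -ResultSize 1
if (-not $sample) {
    $failures.Add("No audit records returned between $start and $end. Confirm retention " +
                  "covers the incident window and that ingestion has caught up.")
}

# Prerequisite 3: the investigating account must hold a role that can read the audit log.
# -GetEffectiveUsers expands role groups so membership through a group is counted.
$me = (Get-ConnectionInformation).UserPrincipalName
$effective = Get-ManagementRoleAssignment -Role "View-Only Audit Logs" -GetEffectiveUsers |
             Where-Object { $_.EffectiveUserName -eq $me }
if (-not $effective) {
    $failures.Add("$me does not hold 'View-Only Audit Logs' (directly or via a role group). " +
                  "Request the role before running the investigation steps.")
}

Disconnect-ExchangeOnline -Confirm:$false

# Report: a non-empty list means the playbook's prerequisites are not met and the
# checklist step "prerequisites verified" cannot be ticked yet.
if ($failures.Count -eq 0) {
    Write-Host "All prerequisites satisfied; proceed to the workflow."
} else {
    Write-Host "Prerequisites NOT met:"
    $failures | ForEach-Object { Write-Host " - $_" }
    exit 1
}
```

Run this once per investigator account before the first workflow step and attach its output to the checklist; in a regulated environment that record is the evidence that the prerequisites item was actually verified rather than assumed.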
Incident response resources
- Overview for Microsoft security products and resources for new-to-role and experienced analysts
- Planning for your Security Operations Center (SOC)
- Microsoft Defender XDR incident response
- Microsoft Defender for Cloud (Azure)
- Microsoft Sentinel incident response
- Microsoft Incident Response team guide shares best practices for security teams and leaders
- Microsoft Incident Response guides help security teams analyze suspicious activity