Introduction

As part of the Security Operations team in your company, you're going to help craft a security incident response plan. You'll use this plan to identify and respond to active threats to your servers and network.

Microsoft Defender for Cloud is a primary tool in that response plan, and learning how to use all of its features can help you quickly distinguish real threats from false positives. Defender for Cloud helps you find and fix vulnerabilities, aids in blocking malicious access, and alerts you when your resources are under attack.

Tip

Microsoft Defender for Cloud pulls data from all of your created resources. The level of detail presented varies based on the running workloads in your subscription(s). This is particularly true in the Azure Sandbox, which doesn't have any data.

Learning objectives

In this module, you will:

  • View security alerts in Microsoft Defender for Cloud.
  • Define an incident response plan.
  • Use workflow automation to automate a security response.

Prerequisites

  • Basic familiarity with Microsoft Defender for Cloud