
Exercise 5: Investigate incidents

At Humongous IT, the Security Operations team has integrated Microsoft Sentinel and is now ready to investigate the incidents raised by its existing Scheduled, Microsoft Security, Fusion, and Anomalies analytics rules. An incident may group several related alerts, giving the analyst a single consolidated package of evidence to work from, together with the attributes that drive triage, such as severity and status. With the threat parameters defined and the detection rules in place, the team can monitor and investigate detected threats through these incidents.

An interactive lab simulation is available that allows you to move through this lab scenario at your own pace. You may find slight differences between the interactive simulation and the hosted lab, but the core concepts and ideas being demonstrated are the same.
