075: Develop security playbooks based on Entra logs
Overview
Define procedures to detect, respond and remediate incidents based on log activity. Use built in playbooks in SIEM/SOAR tools. Ensure that the SOC understands all the log types that are being ingested, how they should be used, and what they represent. Ensure that the SOC has reviewed the Entra security operations guide and built alerts and dashboards based on the content.