ZDNet has reported that Microsoft has made its Automated Incident Response in Office 365 Advanced Threat Protection (ATP) generally available to enterprise customers.The automation feature, announced in preview earlier this April, aims to help security analysts respond faster and more systematically to a barrage of security alerts.
Microsoft is making two categories of automated incident response generally available. The first are automatic investigations that commence in response to new alerts, such as users reporting phishing email, users clicking on a link determined to be malicious, malware being detected in received email, and phishing email that has landed in a user’s mailbox.
The second category consists of manually initiated investigations that use Microsoft’s ‘automated playbook’ sequences for different scenarios and attack types.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.