Chapter 3: Workflow Automation and Continuous Export
In this chapter, you will learn how to configure Microsoft Defender for Cloud workflow automation, configure continuous data export, and automate Microsoft Defender for Cloud responses.
Automation is very useful: it reduces security administrator fatigue and greatly shortens the time to react to events and potential threats. Even so, you should not automate everything immediately. Automation needs to be planned, and any decision to automate, especially one that concerns security, needs to be justified and developed over time.
Enabling automation just to reduce or eliminate work could make an environment less secure, so some tasks need to remain manual to ensure you can detect potential exposure.
We will cover the following recipes in this chapter:
- Creating logic apps for use in Microsoft Defender for Cloud
- Automating threat detection alert responses ...