Automating threat detection alert responses
Automating responses to incidents and events in Microsoft Defender for Cloud significantly reduces overhead and administrative burden. As a good security practice, you should automate as many manual responses and procedures as possible. In this recipe, you will learn how to automate threat detection alert responses in Microsoft Defender for Cloud.
Getting ready
Open a web browser and navigate to https://portal.azure.com.
How to do it…
To automate a threat detection alert response in Microsoft Defender for Cloud, complete the following steps:
- In the Azure portal, open Microsoft Defender for Cloud.
- From the left menu, select Workflow automation.
- From the top menu, click + Add workflow automation. The Add workflow automation window opens on the right, with three sections: General, Trigger conditions, and Action.
- Under the General section, in the Name field, type in a name without spaces; for example...