This repository is intended to house common ways to respond to specific Microsoft Sentinel incidents using the Incident Tasks feature.
Learn about Incident Tasks:
- Use tasks to manage incidents in Microsoft Sentinel: https://rodtrent.com/lgl
- Work with incident tasks in Microsoft Sentinel: https://rodtrent.com/wjb
- Create incident tasks in Microsoft Sentinel using automation rules: https://rodtrent.com/okx
- Create and perform incident tasks in Microsoft Sentinel using playbooks: https://rodtrent.com/s8m
Check out existing recipes from Microsoft Security Best Practices, Incident Response Playbooks:
- Phishing investigation: https://rodtrent.com/4ep
- Password spray investigation: https://rodtrent.com/tna
- App consent grant investigation: https://rodtrent.com/rdx
- Compromised and malicious applications investigation: https://rodtrent.com/ihj
- Microsoft DART ransomware approach and best practices: https://rodtrent.com/xjt
- Responding to ransomware attacks: https://rodtrent.com/ira