The Microsoft Defender Advanced Threat Protection (ATP) team is introducing a redesigned alert page in the Microsoft Defender Security Center. The public preview of the redesigned alert page is now live.
Microsoft Defender ATP gets redesigned alert page
This redesigned alert page in the company’s enterprise endpoint security platform will “enable security researchers to more effectively triage, investigate, and take effective actions on alerts.”
Microsoft says it listened to customer feedback on how to step up their endpoint security:
“The new alert page in Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) provides full context to the alert, by combining attack signals and alerts related to the selected alert, to construct a detailed alert story,” says Microsoft.
With the new alert page, Microsoft Defender ATP aims to provide customers with full knowledge of each alert based on the following set of principles:
- Improved focus
- An investigation-oriented approach
- Easier to take actions
This means security researchers and analysts can quickly and easily access relevant insights about each alert. The redesigned alert page will also combine and display related alerts on the same page, which Microsoft hopes will broaden the scope of the investigation. Microsoft Defender ATP has also built the necessary actions into the workflow so that analysts can respond faster.
Watch the new Microsoft Defender ATP alert page in action!
How to get started with the new alert page on Microsoft Defender ATP
We urge you to first watch the above video. If you have already watched the video, you should know that each alert page now comprises four sections, as follows:
- The alert title
- Affected assets
- Alert story
- Details pane
The alert title consists of the name of the alert. Affected assets highlights the devices and users affected by a particular alert. The alert story shows the entities related to a particular alert, interconnected in a tree view. Microsoft says each entity in the alert story is expandable and clickable.
The details pane is a dynamic section that provides customers with contextual information and actions for the selected object, including the device itself (for example, Domain, Operating System, and IP).