A new section has been developed and released in the Security Best Practices area of the docs platform. In the hope that it will be built out further and that we'll see additional guidance released, the Incident Response Playbooks section contains the following to start:
Bookmark this page and watch for updates. These Incident Response Playbooks provide the guidance needed to detect each of the covered attack techniques. Each Playbook covers things like which log sources and events to capture and how to investigate. This is a valuable resource, as I get questions about this from customers all the time.
There's also guidance in each Playbook for using your SIEM to investigate. Azure Sentinel is the recommended tool, of course, but there's also guidance for non-Microsoft SIEMs.
The main page: Incident Response Playbooks