TOC.yml
- name: Microsoft Defender XDR
href: index.yml
expanded: true
items:
- name: Overview
items:
- name: What is Microsoft Defender XDR?
href: microsoft-365-defender.md
- name: What's new
href: whats-new.md
- name: Preview features
href: preview.md
- name: Zero Trust
href: zero-trust-with-microsoft-365-defender.md
- name: Microsoft Copilot in Microsoft Defender
href: security-copilot-in-microsoft-365-defender.md
- name: US Government customers
href: usgov.md
- name: Industry tests
href: ./top-scoring-industry-tests.md
- name: Microsoft Defender XDR in the Microsoft Defender portal
href: microsoft-365-defender-portal.md
- name: Plan
items:
- name: Prerequisites
href: prerequisites.md
- name: Data security and privacy
href: data-privacy.md
- name: Pilot and deploy Microsoft Defender XDR
items:
- name: Overview
href: pilot-deploy-overview.md
- name: Defender for Identity
href: pilot-deploy-defender-identity.md
- name: Defender for Office 365
href: pilot-deploy-defender-office-365.md
- name: Defender for Endpoint
href: pilot-deploy-defender-endpoint.md
- name: Defender for Cloud Apps
href: pilot-deploy-defender-cloud-apps.md
- name: Investigate and respond to threats
href: pilot-deploy-investigate-respond.md
- name: Get started
items:
- name: Overview
href: get-started.md
- name: 1. Turn on Microsoft Defender XDR
href: m365d-enable.md
- name: 2. Deploy supported services
href: deploy-supported-services.md
- name: 3. Train your security staff
href: microsoft-365-defender-train-security-staff.md
- name: Setup guides for Microsoft Defender XDR
href: deploy-configure-m365-defender.md
- name: Protect against threats
items:
- name: Protect your endpoints
href: /defender-endpoint/microsoft-defender-endpoint?toc=/defender-xdr/toc.json&bc=/defender-xdr/breadcrumb/toc.json
- name: Protect your identities
href: /defender-for-identity/what-is?toc=/defender-xdr/toc.json&bc=/defender-xdr/breadcrumb/toc.json
- name: Protect your Office 365 workloads
href: /defender-office-365/mdo-about?toc=/defender-xdr/toc.json&bc=/defender-xdr/breadcrumb/toc.json
- name: Protect your cloud apps
href: /defender-cloud-apps/what-is-defender-for-cloud-apps?toc=/defender-xdr/toc.json&bc=/defender-xdr/breadcrumb/toc.json
- name: Protect your IoT/OT assets
href: protect-against-iot-ot-threats.md
- name: Protect your custom AI agents
href: ai-agent-inventory.md
- name: Microsoft Secure Score
items:
- name: Overview
href: microsoft-secure-score.md
- name: What's new
href: microsoft-secure-score-whats-new.md
- name: Assess your security posture
href: microsoft-secure-score-improvement-actions.md
- name: Track your score history and meet goals
href: microsoft-secure-score-history-metrics-trends.md
- name: Data storage and privacy
href: secure-score-data-storage-privacy.md
- name: Investigate and respond to threats
items:
- name: Overview
href: incidents-overview.md
- name: Correlation and merging
href: alerts-incidents-correlation.md
- name: Exclude analytics rules from correlation
href: exclude-analytics-rules-correlation.md
- name: Prioritize incidents
href: incident-queue.md
- name: Manage incidents
href: manage-incidents.md
- name: Use tasks to handle incident workflow
href: split-incidents-into-tasks.md
- name: Investigate and respond to incidents
items:
- name: Plan incident response
href: /unified-secops-platform/plan-incident-response
- name: Investigate incidents
href: investigate-incidents.md
- name: Understand graph icons and visualizations
href: understand-graph-icons.md
- name: Move alerts to another incident
href: move-alert-to-another-incident.md
- name: Merge incidents manually
href: merge-incidents-manually.md
- name: Investigate alerts
href: investigate-alerts.md
- name: Use Dynamic Threat Detection Agent
href: dynamic-threat-detection-agent.md
- name: Investigate entity pages
items:
- name: User
href: investigate-users.md
- name: Device
href: entity-page-device.md
- name: IP
href: entity-page-ip.md
- name: Investigate data loss prevention alerts with Microsoft Defender XDR
href: dlp-investigate-alerts-defender.md
- name: Investigate data loss prevention alerts with Microsoft Sentinel
href: dlp-investigate-alerts-sentinel.md
- name: Investigate and respond to container threats
href: investigate-respond-container-threats.md
- name: Investigate insider risk threats
href: irm-investigate-alerts-defender.md
- name: Create data security investigations
href: create-dsi-in-defender.md
- name: Configure and manage automated investigation and response
items:
- name: Overview
href: m365d-autoir.md
- name: Configure capabilities
href: m365d-configure-auto-investigation-response.md
- name: Remediation actions
href: m365d-remediation-actions.md
- name: Use the Action center
href: m365d-action-center.md
- name: View and manage remediation actions
href: m365d-autoir-actions.md
- name: View details and results
href: m365d-autoir-results.md
- name: Address false positives and negatives
href: m365d-autoir-report-false-positives-negatives.md
- name: Attack disruption
items:
- name: Overview
href: automatic-attack-disruption.md
- name: Manage
href: configure-attack-disruption.md
- name: View details and results
href: autoad-results.md
- name: Exclude assets from automated responses
href: automatic-attack-disruption-exclusions.md
- name: Predictive shielding
items:
- name: Overview
href: shield-predict-threats.md
- name: Manage and view details
href: shield-predict-threats-manage.md
- name: Search for threats with advanced hunting
items:
- name: Overview
href: advanced-hunting-overview.md
- name: Guided and advanced modes
href: advanced-hunting-modes.md
- name: Hunt for threats with Security Copilot
items:
- name: Overview
href: advanced-hunting-security-copilot.md
- name: Use the Threat Hunting Agent
href: advanced-hunting-security-copilot-threat-hunting-agent.md
- name: Generate KQL queries
href: advanced-hunting-security-copilot-query-assistant.md
- name: Hunt over Microsoft Sentinel data
items:
- name: Microsoft Sentinel data in advanced hunting
href: advanced-hunting-microsoft-defender.md
- name: Use functions, saved queries, and custom rules
href: advanced-hunting-defender-use-custom-rules.md
- name: Work with results containing Microsoft Sentinel data
href: advanced-hunting-defender-results.md
- name: Build queries using guided mode
items:
- name: Get started with query builder
href: advanced-hunting-query-builder.md
- name: Refine your query in guided mode
href: advanced-hunting-query-builder-details.md
- name: Work with query results in guided mode
href: advanced-hunting-query-builder-results.md
- name: Create queries using advanced mode
items:
- name: Learn, train, & get examples
items:
- name: Learn the query language
href: advanced-hunting-query-language.md
- name: Get expert training
href: advanced-hunting-expert-training.md
- name: Use shared queries
href: advanced-hunting-shared-queries.md
- name: Hunt across devices, emails, apps, and identities
href: advanced-hunting-query-emails-devices.md
- name: Hunt for ransomware
href: advanced-hunting-find-ransomware.md
- name: Hunt for email threats
href: advanced-hunting-email-threats.md
- name: Transition from Defender for Endpoint
href: advanced-hunting-migrate-from-mde.md
- name: Quickly investigate with go hunt
href: advanced-hunting-go-hunt.md
- name: Create custom functions
href: advanced-hunting-custom-functions.md
- name: Use built-in functions
items:
- name: AssignedIPAddresses()
href: advanced-hunting-assignedipaddresses-function.md
- name: DeviceFromIP()
href: advanced-hunting-devicefromip-function.md
- name: FileProfile()
href: advanced-hunting-fileprofile-function.md
- name: SeenBy()
href: advanced-hunting-seenby-function.md
- name: Optimize & handle errors
items:
- name: Apply query best practices
href: advanced-hunting-best-practices.md
- name: Handle errors
href: advanced-hunting-errors.md
- name: Work with query results
href: advanced-hunting-query-results.md
- name: Rerun query in query history
href: advanced-hunting-query-history.md
- name: Data schema
items:
- name: Understand the schema
href: advanced-hunting-schema-tables.md
- name: Schema naming changes
href: advanced-hunting-schema-changes.md
- name: AADSignInEventsBeta
href: advanced-hunting-aadsignineventsbeta-table.md
- name: AADSpnSignInEventsBeta
href: advanced-hunting-aadspnsignineventsbeta-table.md
- name: AIAgentsInfo
href: advanced-hunting-aiagentsinfo-table.md
- name: AlertEvidence
href: advanced-hunting-alertevidence-table.md
- name: AlertInfo
href: advanced-hunting-alertinfo-table.md
- name: BehaviorEntities
href: advanced-hunting-behaviorentities-table.md
- name: BehaviorInfo
href: advanced-hunting-behaviorinfo-table.md
- name: CampaignInfo
href: advanced-hunting-campaigninfo-table.md
- name: CloudAppEvents
href: advanced-hunting-cloudappevents-table.md
- name: CloudAuditEvents
href: advanced-hunting-cloudauditevents-table.md
- name: CloudProcessEvents
href: advanced-hunting-cloudprocessevents-table.md
- name: CloudStorageAggregatedEvents
href: advanced-hunting-cloudstorageaggregatedevents-table.md
- name: DataSecurityBehaviors
href: advanced-hunting-datasecuritybehaviors-table.md
- name: DataSecurityEvents
href: advanced-hunting-datasecurityevents-table.md
- name: DeviceBaselineComplianceAssessment
href: advanced-hunting-devicebaselinecomplianceassessment-table.md
- name: DeviceBaselineComplianceAssessmentKB
href: advanced-hunting-devicebaselinecomplianceassessmentkb-table.md
- name: DeviceBaselineComplianceProfiles
href: advanced-hunting-devicebaselinecomplianceprofiles-table.md
- name: DeviceEvents
href: advanced-hunting-deviceevents-table.md
- name: DeviceFileCertificateInfo
href: advanced-hunting-devicefilecertificateinfo-table.md
- name: DeviceFileEvents
href: advanced-hunting-devicefileevents-table.md
- name: DeviceImageLoadEvents
href: advanced-hunting-deviceimageloadevents-table.md
- name: DeviceInfo
href: advanced-hunting-deviceinfo-table.md
- name: DeviceLogonEvents
href: advanced-hunting-devicelogonevents-table.md
- name: DeviceNetworkEvents
href: advanced-hunting-devicenetworkevents-table.md
- name: DeviceNetworkInfo
href: advanced-hunting-devicenetworkinfo-table.md
- name: DeviceProcessEvents
href: advanced-hunting-deviceprocessevents-table.md
- name: DeviceRegistryEvents
href: advanced-hunting-deviceregistryevents-table.md
- name: DeviceTvmBrowserExtensions
href: advanced-hunting-devicetvmbrowserextensions-table.md
- name: DeviceTvmBrowserExtensionsKB
href: advanced-hunting-devicetvmbrowserextensionskb-table.md
- name: DeviceTvmCertificateInfo
href: advanced-hunting-devicetvmcertificateinfo-table.md
- name: DeviceTvmHardwareFirmware
href: advanced-hunting-devicetvmhardwarefirmware-table.md
- name: DeviceTvmInfoGathering
href: advanced-hunting-devicetvminfogathering-table.md
- name: DeviceTvmInfoGatheringKB
href: advanced-hunting-devicetvminfogatheringkb-table.md
- name: DeviceTvmSecureConfigurationAssessment
href: advanced-hunting-devicetvmsecureconfigurationassessment-table.md
- name: DeviceTvmSecureConfigurationAssessmentKB
href: advanced-hunting-devicetvmsecureconfigurationassessmentkb-table.md
- name: DeviceTvmSoftwareEvidenceBeta
href: advanced-hunting-devicetvmsoftwareevidencebeta-table.md
- name: DeviceTvmSoftwareInventory
href: advanced-hunting-devicetvmsoftwareinventory-table.md
- name: DeviceTvmSoftwareVulnerabilities
href: advanced-hunting-devicetvmsoftwarevulnerabilities-table.md
- name: DeviceTvmSoftwareVulnerabilitiesKB
href: advanced-hunting-devicetvmsoftwarevulnerabilitieskb-table.md
- name: DisruptionAndResponseEvents
href: advanced-hunting-disruptionandresponseevents-table.md
- name: EmailAttachmentInfo
href: advanced-hunting-emailattachmentinfo-table.md
- name: EmailEvents
href: advanced-hunting-emailevents-table.md
- name: EmailPostDeliveryEvents
href: advanced-hunting-emailpostdeliveryevents-table.md
- name: EmailUrlInfo
href: advanced-hunting-emailurlinfo-table.md
- name: EntraIdSignInEvents
href: advanced-hunting-entraidsigninevents-table.md
- name: EntraIdSpnSignInEvents
href: advanced-hunting-entraidspnsigninevents-table.md
- name: ExposureGraphEdges
href: advanced-hunting-exposuregraphedges-table.md
- name: ExposureGraphNodes
href: advanced-hunting-exposuregraphnodes-table.md
- name: FileMaliciousContentInfo
href: advanced-hunting-filemaliciouscontentinfo-table.md
- name: GraphApiAuditEvents
href: advanced-hunting-graphapiauditevents-table.md
- name: IdentityAccountInfo
href: advanced-hunting-identityaccountinfo-table.md
- name: IdentityDirectoryEvents
href: advanced-hunting-identitydirectoryevents-table.md
- name: IdentityEvents
href: advanced-hunting-identityevents-table.md
- name: IdentityInfo
href: advanced-hunting-identityinfo-table.md
- name: IdentityLogonEvents
href: advanced-hunting-identitylogonevents-table.md
- name: IdentityQueryEvents
href: advanced-hunting-identityqueryevents-table.md
- name: MessageEvents
href: advanced-hunting-messageevents-table.md
- name: MessagePostDeliveryEvents
href: advanced-hunting-messagepostdeliveryevents-table.md
- name: MessageUrlInfo
href: advanced-hunting-messageurlinfo-table.md
- name: OAuthAppInfo
href: advanced-hunting-oauthappinfo-table.md
- name: UrlClickEvents
href: advanced-hunting-urlclickevents-table.md
- name: Custom detections
items:
- name: Custom detections overview
href: custom-detections-overview.md
- name: Create detection rules
href: custom-detection-rules.md
- name: Manage detection rules
href: custom-detection-manage.md
- name: Take action on query results
href: advanced-hunting-take-action.md
- name: Link query results to an incident
href: advanced-hunting-link-to-incident.md
- name: Find resource-heavy queries
href: advanced-hunting-limits.md
- name: Extend data coverage
href: advanced-hunting-extend-data.md
- name: Hunt using hunting graph
href: advanced-hunting-graph.md
- name: Track and respond to emerging threats
items:
- name: Threat analytics
items:
- name: Overview
href: threat-analytics.md
- name: Understand the analyst report
href: threat-analytics-analyst-reports.md
- name: Get access to indicators
href: threat-analytics-indicators.md
- name: Microsoft Defender Threat Intelligence in Defender XDR
href: defender-threat-intelligence.md
- name: Collaborate with Microsoft Defender Experts for Hunting
items:
- name: Overview
href: defender-experts-for-hunting.md
- name: Before you begin
href: before-you-begin-defender-experts.md
- name: Start using Defender Experts for Hunting
items:
- name: Onboarding and setting up Defender Experts Notifications
href: onboarding-defender-experts-for-hunting.md
- name: Access Defender Experts Notifications using Graph security API
href: access-den-graph-api.md
- name: Ask Defender Experts
href: experts-on-demand.md
- name: Understand Defender Experts for Hunting reports
href: defender-experts-report.md
- name: Frequently asked questions
items:
- name: General information
href: faq-defender-experts-hunting.md
- name: Server and cloud workload coverage
href: faq-cloud-coverage-defender-experts.md
- name: Collaborate with Microsoft Defender Experts for XDR
items:
- name: Overview
href: dex-xdr-overview.md
- name: Before you begin
href: before-you-begin-xdr.md
- name: Get started with Microsoft Defender Experts for XDR service
href: get-started-xdr.md
- name: Start using Microsoft Defender Experts for XDR service
items:
- name: Managed detection and response
href: managed-detection-and-response-xdr.md
- name: Scoped coverage
href: defender-experts-scoped-coverage.md
- name: Communicate with Defender Experts
href: communicate-defender-experts-xdr.md
- name: Reports
href: reports-xdr.md
- name: Third-party enrichment
href: third-party-enrichment-defender-experts.md
- name: Defender Experts for Hunting
href: defender-experts-for-hunting.md
- name: Auditing
href: auditing.md
- name: Frequently asked questions
items:
- name: General information
href: frequently-asked-questions.md
- name: Defender Experts for XDR Incident notifications
href: faq-incident-notifications-xdr.md
- name: Managed response
href: faq-managed-response.md
- name: Server and cloud workload coverage
href: faq-cloud-coverage-defender-experts.md
- name: Additional information on Defender Experts for XDR
items:
- name: Important considerations
href: additional-information-xdr.md
- name: How Defender Experts for XDR permissions work
href: dex-xdr-permissions.md
- name: Troubleshooting Defender Experts app permissions in Microsoft Teams
href: teams-restrictions-dexapp.md
- name: Investigate and respond with Microsoft Copilot in Microsoft Defender
items:
- name: Overview
href: security-copilot-in-microsoft-365-defender.md
- name: Summarize incidents
href: security-copilot-m365d-incident-summary.md
- name: Run script analysis
href: security-copilot-m365d-script-analysis.md
- name: Analyze files
href: copilot-in-defender-file-analysis.md
- name: Generate device summaries
href: copilot-in-defender-device-summary.md
- name: Summarize identities
href: security-copilot-defender-identity-summary.md
- name: Use guided responses
href: security-copilot-m365d-guided-response.md
- name: Generate KQL queries
href: advanced-hunting-security-copilot-query-assistant.md
- name: Create incident reports
href: security-copilot-m365d-create-incident-report.md
- name: Responsible AI FAQs
href: responsible-ai-copilot-defender.md
- name: Security Copilot agents in Microsoft Defender
items:
- name: Overview
href: security-copilot-agents-defender.md
- name: Phishing Triage Agent
href: phishing-triage-agent.md
- name: Threat Intelligence Briefing Agent
href: threat-intel-briefing-agent-defender.md
- name: Threat Hunting Agent
href: advanced-hunting-security-copilot-threat-hunting-agent.md
- name: Dynamic Threat Detection Agent
href: dynamic-threat-detection-agent.md
- name: Enhance security operations
items:
- name: Security operations guide
items:
- name: Overview
href: integrate-microsoft-365-defender-secops.md
- name: Step 1. Operations readiness
href: integrate-microsoft-365-defender-secops-plan.md
- name: Step 2. Readiness assessment using Zero Trust
href: integrate-microsoft-365-defender-secops-readiness.md
- name: Step 3. Integration with your SOC services
href: integrate-microsoft-365-defender-secops-services.md
- name: Step 4. Roles, responsibilities, and oversight
href: integrate-microsoft-365-defender-secops-roles.md
- name: Step 5. Test use cases
href: integrate-microsoft-365-defender-secops-use-cases.md
- name: Step 6. SOC maintenance tasks
href: integrate-microsoft-365-defender-secops-tasks.md
- name: Manage multitenant environments
items:
- name: Overview
href: /unified-secops-platform/mto-overview?toc=/defender-xdr/toc.json&bc=/defender-xdr/breadcrumb/toc.json&tabs=defender-portal
- name: Set up multitenant management
href: /unified-secops-platform/mto-requirements?toc=/defender-xdr/toc.json&bc=/defender-xdr/breadcrumb/toc.json&tabs=defender-portal
- name: Manage roles and permissions
items:
- name: Manage access and roles in Microsoft Defender XDR
items:
- name: Manage access
href: m365d-permissions.md
- name: Custom roles in role-based access
href: custom-roles.md
- name: Manage permissions with Defender XDR Unified RBAC
items:
- name: Overview
href: manage-rbac.md
- name: What's new
href: whats-new-in-microsoft-defender-urbac.md
- name: Create custom roles
href: create-custom-rbac-roles.md
- name: Import roles
href: Import-rbac-roles.md
- name: Activate Defender XDR Unified RBAC
href: activate-defender-rbac.md
- name: Edit, delete and export roles
href: edit-delete-rbac-roles.md
- name: Map Defender XDR Unified RBAC permissions
href: compare-rbac-roles.md
- name: About Defender XDR Unified RBAC custom permissions
href: custom-permissions-details.md
- name: Reference
items:
- name: Microsoft Defender XDR FAQs
href: m365d-enable-faq.md
- name: Alert policies
href: alert-policies.md
- name: Audit activities and events
href: microsoft-xdr-auditing.md
- name: Configure email notifications
items:
- name: Get notified about new and updated incidents
href: m365d-notifications-incidents.md
- name: Set up email notifications for response actions
href: m365d-response-actions-notifications.md
- name: Set up email notifications for Threat analytics reports
href: m365d-threat-analytics-notifications.md
- name: Configure alert notifications
href: configure-email-notifications.md
- name: Contact Microsoft Defender support
href: contact-defender-support.md
- name: Manage devices through dynamic rules
href: configure-asset-rules.md
- name: Provide managed service provider (MSSP) access
href: mssp-access.md
- name: Troubleshoot service issues
href: troubleshoot.md
- name: Create Custom Defender XDR reports
href: defender-xdr-custom-reports.md
- name: Visualize impact with the unified security summary
href: security-summary-report.md
- name: Microsoft Defender XDR APIs
items:
- name: Overview
href: api-overview.md
- name: Supported Microsoft Defender XDR APIs
href: api-supported.md
- name: Get started
items:
- name: Microsoft Defender XDR API license and terms of use
href: /legal/microsoft-365/api-terms
- name: Access Microsoft Defender XDR APIs
href: api-access.md
- name: Hello World example
href: api-hello-world.md
- name: Get access with application context
href: api-create-app-web.md
- name: Get access with user context
href: api-create-app-user-context.md
- name: Get partner application access
href: api-partner-access.md
- name: Other API resources
href: api-articles.md
- name: Microsoft Defender XDR APIs and schema
items:
- name: Common REST API error codes
href: api-error-codes.md
- name: Streaming API
items:
- name: Microsoft 365 streaming API
href: streaming-api.md
- name: Stream advanced hunting events to Azure Events hub
href: streaming-api-event-hub.md
- name: Stream advanced hunting events to your storage account
href: streaming-api-storage.md
- name: Supported streaming event types
href: supported-event-types.md
- name: Configure your Event hub
href: configure-event-hub.md
- name: Advanced hunting API
href: api-advanced-hunting.md
- name: Custom detections API
href: /graph/api/resources/security-api-overview?view=graph-rest-beta&preserve-view=true#custom-detections
- name: Incidents APIs
items:
- name: Incidents methods and properties
href: api-incident.md
- name: List incidents
href: api-list-incidents.md
- name: Update incidents
href: api-update-incidents.md
- name: Get Incident
href: api-get-incident.md
- name: Fetch Microsoft Defender XDR incidents
href: fetch-incidents.md
- name: SIEM integration
items:
- name: Integrate your SIEM tools with Microsoft Defender XDR
href: configure-siem-defender.md
- name: Troubleshoot issues with integrating SIEM tools
href: /defender-endpoint/troubleshoot-siem
- name: Partner catalog
items:
- name: Technological partners of Microsoft Defender XDR
href: /defender-endpoint/technological-partners
- name: Professional services supported by Microsoft Defender XDR
href: /defender-endpoint/professional-services
- name: Resources
items:
- name: Alert classification playbooks
items:
- name: Overview
href: alert-classification-playbooks.md
- name: Suspicious email forwarding activity
href: alert-grading-playbook-email-forwarding.md
- name: Suspicious inbox forwarding rules
href: alert-grading-playbook-inbox-forwarding-rules.md
- name: Suspicious inbox manipulation rules
href: alert-grading-playbook-inbox-manipulation-rules.md
- name: Suspicious password-spray-related IP address
href: alert-classification-suspicious-ip-password-spray.md
- name: Malicious Exchange connectors
href: alert-classification-malicious-exchange-connectors.md
- name: Password spray attacks
href: alert-classification-password-spray-attack.md
- name: Incident response playbooks
href: /security/operations/incident-response-playbooks
- name: Customize incident responses
href: security-upload-guide.md
- name: Ransomware playbooks
items:
- name: Detecting human-operated ransomware attacks with Microsoft Defender XDR
href: playbook-detecting-ransomware-m365-defender.md
- name: Responding to ransomware attacks
href: playbook-responding-ransomware-m365-defender.md
- name: Threat actor naming
href: /unified-secops-platform/microsoft-threat-actor-naming?toc=/defender-xdr/toc.json&bc=/defender-xdr/breadcrumb/toc.json&tabs=defender-portal
- name: Understand threat intelligence concepts
href: /defender-endpoint/threat-indicator-concepts
- name: Software developer FAQ
href: developer-faq.yml
- name: Microsoft Defender XDR docs
items:
- name: Defender for Office 365
href: /defender-office-365
- name: Defender for Endpoint
href: /defender-endpoint
- name: Defender for Identity
href: /defender-for-identity
- name: Defender for Cloud Apps
href: /cloud-app-security
- name: Defender for Business
href: /defender-business
- name: Defender Vulnerability Management
href: /defender-vulnerability-management