Sunday, October 3, 2021

Assign incidents and alerts to someone else

You can now assign incidents and alerts to someone else in your organization

 

To control and manage incidents and alerts in the organization, sometimes you would need to assign them to a specific analyst. Now you can do that right from the incident queue in Microsoft 365 Defender.

 

How does it work?

 

From the incident or alert side pane in the incident queue or the incident page, select Manage incident/alert and choose the user account you want to assign.

Idan_Pelleg_10-1633262326506.png

 

By default, the first value in the “assign to” drop menu will be yourself (“Me” at the title).

Note that you can choose all users from the organization, but only users with access to the Microsoft 365 Defender portal will be able to view the incident or alert. So, to help you assign the most relevant people in the organization, the rest of the default suggestions you will get are the latest assignees you chose.

Idan_Pelleg_11-1633262337652.png

 

Once the user is assigned, he can filter to see only incidents that are assigned to himself. A SOC manager that dispatches the incident queue can also filter for all unassign incidents or alerts to choose the relevant incident he would like to assign.

 

 

 

 

Posted at https://sl.advdat.com/3me3M8Y