check before: 2024-05-01
Product:
Defender, Defender for Cloud Apps, Microsoft 365 Defender
Platform:
Web, World tenant
Status:
Launched
Change type:
Feature update, Admin impact
Links:
Details:
A new data type in Microsoft 365 Defender Advanced Hunting. Behaviors will optimize the alerts queue by enabling security teams to focus on the most relevant alerts in their environment. They describe what took place in a readable form and are mapped to the MITRE ATT&CK tactics and techniques, which are the common measure most organizations follow and test their coverage against. This new data type, which sits between the raw data and the alert, will enable your security teams to prioritize critical alerts in your environment without losing the contextual information carried by a behavior that may be important to an investigation. The behaviors data will also enrich the context of related incidents and correlate anomalies only when relevant. Within Defender for Cloud Apps, we have identified some detections that are better suited as behaviors, and we are converting them to the new data type, where they can be retrieved via advanced hunting.
Release Phase:
General Availability, Preview
Created:
2023-04-05
Updated:
2025-02-07
Direct effects for Operations**
- Impact on IT Operations
  - Changes in alert prioritization
    - Security teams may need to adjust their workflows to accommodate the new behaviors data type, which could lead to temporary disruptions in incident response processes.
    - Roles impacted: Security Analysts, Incident Response Teams
  - Potential integration issues with existing monitoring tools
    - The introduction of behaviors may require updates or reconfigurations in existing security monitoring tools to ensure compatibility and optimal performance.
    - Roles impacted: IT Administrators, Systems Integrators
- Impact on IT Services
  - Altered incident correlation and response times
    - The new behaviors data type may change how incidents are correlated, potentially leading to delays in identifying and responding to critical threats if not properly managed.
    - Roles impacted: Security Operations Center (SOC) Teams, IT Service Management Teams
  - Dependency on accurate data interpretation
    - The effectiveness of the new behaviors data type relies on accurate interpretation by security teams; misinterpretation could lead to overlooking critical alerts or misallocating resources.
    - Roles impacted: Security Analysts, IT Managers
** AI generated content. This information must be reviewed before use.
Change history

| Date | Property | Old | New |
| --- | --- | --- | --- |
| 2025-02-07 | RM Status | Rolling out | Launched |
| 2024-05-30 | RM Preview | March CY2023 | May CY2023 |
| 2024-05-30 | RM Release | August CY2023 | May CY2024 |
| 2024-05-30 | RM Status | In development | Rolling out |
| 2024-03-25 | RM archived | True | False |