Event Ingestion and Deduplication: Events are ingested from Microsoft Purview and deduplicated, reducing manual effort and errors. This automation ensures a consistent and efficient process, saving time and improving accuracy compared to manual event handling.
Threat Analysis and Detection: The system analyzes event artifacts and identifies patterns, enhancing threat detection capabilities. This automated analysis is faster and more reliable than manual methods, allowing teams to quickly identify and respond to potential security threats.
Notification and Remediation: Notifications with embedded remediation actions are sent to Teams, enabling immediate response. This automation streamlines communication and action, reducing the delay and effort involved in manual notification and remediation processes.
Microsoft Purview: In this use case, Microsoft Purview is the source of event data, providing a stream of sign-in events that need analysis. It enables automation to access relevant security data, crucial for identifying and responding to potential threats.
Microsoft Graph: Microsoft Graph queries sign-in logs and gathers detailed information about user activities. It is vital for accessing and analyzing historical sign-in data and essential for detecting patterns and anomalies in user behavior.
Microsoft Teams: Microsoft Teams is the platform for delivering notifications and remediation actions. It lets security teams receive alerts and act on them directly within their communication tool, enabling quick response and collaboration.
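The ingest, deduplicate, analyze and notify pipeline described above, as an added example that is not the workflow's own code. The sign-in records are constructed, their field names follow a subset of the Microsoft Graph signIn resource as an assumption, the "failures followed by a success from one IP" pattern is one illustrative detection, and the `revoke_sessions` action name is a placeholder.

```python
from collections import defaultdict

# Added example (not the workflow's own code). Field names follow a subset of the
# Microsoft Graph signIn resource as an assumption; all records are constructed.
def _ev(eid, user, ip, ts, code):
    return {"id": eid, "userPrincipalName": user, "ipAddress": ip,
            "createdDateTime": ts, "status": {"errorCode": code}}

# Constructed sample: e1 is delivered twice, then alice has three failures
# (errorCode 50126) followed by a success from the same IP; bob is benign.
SAMPLE_EVENTS = [
    _ev("e1", "alice@example.com", "203.0.113.5", "2024-05-01T08:00:00Z", 50126),
    _ev("e1", "alice@example.com", "203.0.113.5", "2024-05-01T08:00:00Z", 50126),
    _ev("e2", "alice@example.com", "203.0.113.5", "2024-05-01T08:00:20Z", 50126),
    _ev("e3", "alice@example.com", "203.0.113.5", "2024-05-01T08:00:40Z", 50126),
    _ev("e4", "alice@example.com", "203.0.113.5", "2024-05-01T08:01:00Z", 0),
    _ev("e5", "bob@example.com", "198.51.100.9", "2024-05-01T08:02:00Z", 0),
]

def deduplicate(events):
    """Keep the first record per event id; replayed deliveries are dropped."""
    seen, unique = set(), []
    for ev in events:
        if ev["id"] not in seen:
            seen.add(ev["id"])
            unique.append(ev)
    return unique

def find_failure_then_success(events, min_failures=3):
    """Per (user, IP) in time order, flag a run of failures that ends in a success."""
    by_key = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["createdDateTime"]):
        by_key[(ev["userPrincipalName"], ev["ipAddress"])].append(ev)
    findings = []
    for (user, ip), seq in by_key.items():
        failures = 0
        for ev in seq:
            if ev["status"]["errorCode"] != 0:
                failures += 1
                continue
            if failures >= min_failures:
                findings.append({"user": user, "ip": ip, "failures": failures})
            failures = 0
    return findings

def build_teams_message(finding):
    """Notification body carrying an embedded remediation action (action name assumed)."""
    text = (f"{finding['failures']} failed sign-ins then a success for "
            f"{finding['user']} from {finding['ip']}")
    return {"text": text, "actions": [{"type": "revoke_sessions", "user": finding["user"]}]}
```

Running the analysis on the raw sample without `deduplicate` counts the replayed `e1` twice and reports four failures instead of three, which is why deduplication sits before analysis in the pipeline.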