Work with alerts & detections

• Identify and manage threats through the Detections page
  • What are detections?
  • How to investigate a detection
  • Detections page and summary view
  • Quick view of detection information
  • Detailed view of the detection information
  • Sort and filter detections
  • Add a note
  • Exclude an entity
  • Assign a user to a detection
  • Send a detection to ServiceNow
  • Close a detection
• Machine learning detections
  • Machine learning models
  • Machine learning analysis
• Search-based alerts
  • Initial access
  • Command and control
  • Credential access
  • Privilege escalation
  • Reconnaissance
• Normalized severity scores
• CrowdStrike data in detections
  • Isolate entities
  • Additional learning resources
• MS Defender data in detections
  • Isolate entities