Take actions from Threat Hunting in M365 Defender
We wrote an earlier blog post about what is new in threat hunting:
New features in Advanced Hunting – Microsoft 365 Defender – SEC-LABS R&D
Another hunting feature, which speeds up response in a threat hunting scenario, is Take Action.
When a record is selected in the results, the Take Action button becomes visible.
So instead of just creating a new incident or adding events to an existing incident, we can take actions from the hunting experience.
In the Take actions experience we have actions grouped by Devices, Files and Users.
The action options available depend on the data in the result. For instance, file information such as a checksum is required to be able to quarantine a file.
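Because the available actions depend on the columns in the result, the shape of the query decides what a hunter can do with a selected record. The following is an added example, not taken from the original post: two versions of the same hunt against the DeviceFileEvents table, one that aggregates the checksum away and one that keeps it. The hunt scenario (executables created under a Downloads folder) is constructed for illustration, and keeping DeviceId so that device actions also remain possible is an assumption that goes beyond what the post states.

```kusto
// Version 1: aggregated view. The result only contains FileName, Devices and
// FirstSeen, so there is no checksum left on the record to act on.
DeviceFileEvents
| where Timestamp > ago(7d)
| where ActionType == "FileCreated"
| where FolderPath contains @"\Downloads\" and FileName endswith ".exe"
| summarize Devices = dcount(DeviceId), FirstSeen = min(Timestamp) by FileName

// Version 2: one row per device and file hash. SHA1 (the checksum) and
// DeviceId survive into the result, together with the latest event's context.
DeviceFileEvents
| where Timestamp > ago(7d)
| where ActionType == "FileCreated"
| where FolderPath contains @"\Downloads\" and FileName endswith ".exe"
| where isnotempty(SHA1)                      // rows without a hash cannot be acted on as files
| summarize arg_max(Timestamp, DeviceName, FileName, FolderPath, InitiatingProcessAccountName)
    by DeviceId, SHA1
| order by Timestamp desc
```

Run each query separately in the Advanced Hunting editor and compare which options Take Action offers for a selected row.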
After clicking Next, we can see the selected target and click Next again.
We can add a Remediation name and Description for our action.
This feature puts rapid response at the fingertips of threat hunters for immediate action.
For further information, please visit