Introduction

Microsoft Defender for Cloud provides a purpose-driven user interface to manage and investigate security incidents and alerts across protected resources. Each alert includes actions to take to remediate the threat and steps to prevent future attacks.

You're a Security Operations Analyst working at a company that has deployed cloud workload protection with Defender for Cloud. You're responsible for remediating security alerts generated by Defender for Cloud detections.

You receive an alert regarding a container; the alert provides the information needed to manually remediate the issue and describes what you can do in the future to prevent further attacks. You work with the infrastructure team to resolve the issue. The infrastructure team recommends creating automated remediation tasks for future alerts regarding the same problem. You create a Logic App to perform the actions for future alerts.

Learn how to remediate security alerts in Defender for Cloud.