{"id":27123,"date":"2019-06-04T16:00:35","date_gmt":"2019-06-04T16:00:35","guid":{"rendered":"https:\/\/www.microsoft.com\/security\/blog\/?p=89497"},"modified":"2019-06-04T16:00:35","modified_gmt":"2019-06-04T16:00:35","slug":"step-10-detect-and-investigate-security-incidents-top-10-actions-to-secure-your-environment","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/step-10-detect-and-investigate-security-incidents-top-10-actions-to-secure-your-environment\/","title":{"rendered":"Step 10. Detect and investigate security incidents: top 10 actions to secure your environment"},"content":{"rendered":"<p>\u201cStep 10. Detect and investigate security incidents\u201d is the final installment in the <a href=\"https:\/\/www.microsoft.com\/security\/blog\/security-deployment-3\/\" target=\"_blank\" rel=\"noopener noreferrer\">Top 10 actions to secure your environment<\/a> blog series. Here we walk you through how to set up <a href=\"https:\/\/azure.microsoft.com\/en-us\/features\/azure-advanced-threat-protection\/\" target=\"_blank\" rel=\"noopener noreferrer\">Azure Advanced Threat Protection (Azure ATP)<\/a> to secure identities in the cloud and on-premises.<\/p>\n<p>Azure ATP is a service in the <a href=\"https:\/\/www.microsoft.com\/security\/blog\/2019\/03\/14\/evolution-microsoft-threat-protection-rsa-edition-2\/\" target=\"_blank\" rel=\"noopener noreferrer\">Microsoft Threat Protection<\/a> solution, which integrates with Azure Identity Protection and Microsoft Cloud App Security and leverages your on-premises Active Directory signals to identify suspicious user and device activity with both known-technique detection and behavioral analytics. It protects user identities and credentials stored in Active Directory and allows you to view clear attack information on a simple timeline for fast triage. 
Integration with Windows Defender Advanced Threat Protection (Windows Defender ATP) provides a single interface to monitor multiple entry points.<\/p>\n<p>Azure ATP works by analyzing data sent by Azure ATP sensors that parse network traffic from domain controllers (Figure 1). In this blog, we share resources and advice that will help you install and configure the Azure ATP sensors following these steps:<\/p>\n<ul>\n<li>Plan your Azure ATP capacity.<\/li>\n<li>Install the Azure ATP sensor package.<\/li>\n<li>Configure Azure ATP sensor.<\/li>\n<li>Detect alerts.<\/li>\n<\/ul>\n<p><a href=\"https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/06\/Detect-and-investigate-security-incident-1.png\" target=\"_blank\" rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-89499 size-full\" src=\"https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/06\/Detect-and-investigate-security-incident-1.png\" alt=\"Infographic showing the Azure ATP architecture: Azure ATP sensors parse network traffic from domain controllers and send it to Azure ATP for analysis.\" width=\"614\" height=\"413\" srcset=\"https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/06\/Detect-and-investigate-security-incident-1.png 614w, https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/06\/Detect-and-investigate-security-incident-1-300x202.png 300w\" sizes=\"auto, (max-width: 614px) 100vw, 614px\"><\/a><\/p>\n<p><em>Figure 1:<\/em> <em>Azure ATP sensors parse network traffic from domain controllers and send it to Azure ATP for analysis.<\/em><\/p>\n<h3>Plan your Azure ATP capacity<\/h3>\n<p>Before you begin your Azure ATP deployment, you\u2019ll need to determine what resources are required to support your Azure ATP sensors. An Azure ATP sensor analyzes network traffic and reads events locally, without the need to purchase and maintain additional hardware or configurations. 
The Azure ATP sensor also supports Event Tracing for Windows (ETW), which provides the information for multiple detections. ETW-based detections include suspected DCShadow attacks that attempt to use domain controller replication requests and domain controller promotion.<\/p>\n<p>The recommended and simplest way to <a href=\"https:\/\/docs.microsoft.com\/en-us\/azure-advanced-threat-protection\/atp-capacity-planning\" target=\"_blank\" rel=\"noopener noreferrer\">determine capacity<\/a> for your Azure ATP deployment is to use the <a href=\"https:\/\/docs.microsoft.com\/en-us\/azure-advanced-threat-protection\/atp-capacity-planning\" target=\"_blank\" rel=\"noopener noreferrer\">Azure ATP sizing tool<\/a>. Once you download and run the tool, the details in the \u201cBusy Packets\/sec\u201d field will help you determine the resources required for your sensors.<\/p>\n<p>Next, you <a href=\"https:\/\/docs.microsoft.com\/en-us\/azure-advanced-threat-protection\/install-atp-step1\" target=\"_blank\" rel=\"noopener noreferrer\">create your Azure Advanced Threat Protection instance<\/a> and <a href=\"https:\/\/docs.microsoft.com\/en-us\/azure-advanced-threat-protection\/install-atp-step2\" target=\"_blank\" rel=\"noopener noreferrer\">connect to your Active Directory forest<\/a>. You\u2019ll need an Azure Active Directory (Azure AD) tenant with at least one global\/security administrator. Each Azure ATP instance supports multiple Active Directory forests and a Forest Functional Level (FFL) of Windows 2003 and above.<\/p>\n<h3>Install the Azure ATP sensor package<\/h3>\n<p>Once Azure ATP is connected to Active Directory, you can <a href=\"https:\/\/docs.microsoft.com\/en-us\/azure-advanced-threat-protection\/install-atp-step3\" target=\"_blank\" rel=\"noopener noreferrer\">download the sensor package<\/a>. Click <strong>Download<\/strong> from the Azure ATP portal to begin the process. 
You need to copy the access key for use when you install the sensor (Figure 2).<\/p>\n<p><a href=\"https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/06\/Detect-and-investigate-security-incident-2.png\" target=\"_blank\" rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-89500 size-full\" src=\"https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/06\/Detect-and-investigate-security-incident-2.png\" alt=\"Screenshot showing the access key and sensor setup download button in the Azure Directory dash.\" width=\"1234\" height=\"458\" srcset=\"https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/06\/Detect-and-investigate-security-incident-2.png 1234w, https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/06\/Detect-and-investigate-security-incident-2-300x111.png 300w, https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/06\/Detect-and-investigate-security-incident-2-768x285.png 768w, https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/06\/Detect-and-investigate-security-incident-2-1024x380.png 1024w\" sizes=\"auto, (max-width: 1234px) 100vw, 1234px\"><\/a><\/p>\n<p><em>Figure 2: The access key is used in installation.<\/em><\/p>\n<p>Next, verify the domain controller(s) on which you intend to install Azure ATP sensors have internet connectivity to the Azure ATP Cloud Service. 
These URLs automatically map to the correct service location for your Azure ATP instance:<\/p>\n<ul>\n<li>For console connectivity: &lt;your-instance-name&gt;.atp.azure.com (For example, \u201cContoso-corp.atp.azure.com\u201d)<\/li>\n<li>For sensor connectivity: &lt;your-instance-name&gt;sensorapi.atp.azure.com (For example, \u201ccontoso-corpsensorapi.atp.azure.com\u201d)<\/li>\n<\/ul>\n<p><strong>Note<\/strong>: There is no \u201c.\u201d between &lt;your-instance-name&gt; and \u201csensorapi\u201d.<\/p>\n<p>Extract the files from the ZIP and run the Azure ATP sensor setup.exe, which initiates the installation wizard. When you get to the <strong>Configure the Sensor<\/strong> screen, enter the access key you copied during the download.<\/p>\n<p>Note that all domain controllers in your environment should be covered by an Azure ATP sensor. The Azure ATP sensor supports the use of a proxy.<\/p>\n<p>For more information on proxy configuration, see <a href=\"https:\/\/docs.microsoft.com\/en-us\/azure-advanced-threat-protection\/configure-proxy\" target=\"_blank\" rel=\"noopener noreferrer\">Configuring a proxy for Azure ATP<\/a>.<\/p>\n<h3>Configure the Azure ATP sensor<\/h3>\n<p>The domain synchronizer is responsible for synchronization between Azure ATP and your Active Directory domain. Depending on the size of the domain, the initial synchronization may take time and is resource-intensive. We recommend setting at least one domain controller as the domain synchronizer candidate per domain. This ensures Azure ATP is actively scanning your network at all times. By default, Azure ATP sensors aren\u2019t domain synchronizer candidates. 
To manually set an Azure ATP sensor as a domain synchronizer candidate, switch the <strong>domain synchronizer candidate<\/strong> toggle option to <strong>ON<\/strong> in the configuration screen (Figure 3).<\/p>\n<p><a href=\"https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/06\/Detect-and-investigate-security-incident-3.png\" target=\"_blank\" rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-89501 size-full\" src=\"https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/06\/Detect-and-investigate-security-incident-3.png\" alt=\"Screenshot showing the domain synchronizer candidate toggle switched to ON.\" width=\"657\" height=\"374\" srcset=\"https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/06\/Detect-and-investigate-security-incident-3.png 657w, https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/06\/Detect-and-investigate-security-incident-3-300x171.png 300w\" sizes=\"auto, (max-width: 657px) 100vw, 657px\"><\/a><\/p>\n<p><em>Figure 3: The <strong>domain synchronizer candidate<\/strong> toggle option set to <strong>ON<\/strong> in the configuration screen.<\/em><\/p>\n<p>Next, <a href=\"https:\/\/docs.microsoft.com\/en-us\/azure-advanced-threat-protection\/sensitive-accounts#tagging-sensitive-accounts\" target=\"_blank\" rel=\"noopener noreferrer\">manually tag groups or accounts as sensitive<\/a> to enhance detections. 
This is important because some Azure ATP detections, such as sensitive group modification detection and lateral movement paths, rely on sensitive groups and accounts.<\/p>\n<p>We also recommend that you <a href=\"https:\/\/docs.microsoft.com\/en-us\/azure-advanced-threat-protection\/integrate-wd-atp\" target=\"_blank\" rel=\"noopener noreferrer\">integrate Azure ATP with Windows Defender ATP.<\/a> Windows Defender ATP monitors your endpoints and the integration provides a single interface to monitor and protect your environment. It is easy to turn on the integration from the Azure ATP portal (Figure 4).<\/p>\n<p><a href=\"https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/06\/Detect-and-investigate-security-incident-4.png\" target=\"_blank\" rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-89502 size-full\" src=\"https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/06\/Detect-and-investigate-security-incident-4.png\" alt=\"Screenshot showing the Integration with Windows Defender ATP toggle switched to ON.\" width=\"1104\" height=\"566\" srcset=\"https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/06\/Detect-and-investigate-security-incident-4.png 1104w, https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/06\/Detect-and-investigate-security-incident-4-300x154.png 300w, https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/06\/Detect-and-investigate-security-incident-4-768x394.png 768w, https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2019\/06\/Detect-and-investigate-security-incident-4-1024x525.png 1024w\" sizes=\"auto, (max-width: 1104px) 100vw, 1104px\"><\/a><\/p>\n<p><em>Figure 4: A simple toggle enables integration with Windows Defender ATP.<\/em><\/p>\n<p>You can also <a href=\"https:\/\/docs.microsoft.com\/en-us\/azure-advanced-threat-protection\/install-atp-step6-vpn\" target=\"_blank\" 
rel=\"noopener noreferrer\">integrate with your VPN solution<\/a> to collect additional user information, such as the IP addresses and locations where connections originated. This complements the investigation process by providing additional information on user activity as well as a new detection for abnormal VPN connections.<\/p>\n<h3>Detect alerts<\/h3>\n<p>After you set up Azure ATP, we recommend that you set up an <a href=\"https:\/\/docs.microsoft.com\/en-us\/azure-advanced-threat-protection\/atp-playbook-lab-overview\" target=\"_blank\" rel=\"noopener noreferrer\">Azure ATP security alert lab<\/a> to help you better understand the alerts that may be generated in your environment. The lab includes a reconnaissance playbook that shows how Azure ATP identifies and detects suspicious activities from potential attacks. The lateral movement playbook shows you the lateral movement path threat detections and security alerts that Azure ATP raises. In the domain dominance playbook, you\u2019ll simulate some common domain dominance methods. For best results, set up your lab as close as possible to the instructions in the <a href=\"https:\/\/docs.microsoft.com\/en-us\/azure-advanced-threat-protection\/atp-playbook-setup-lab\" target=\"_blank\" rel=\"noopener noreferrer\">tutorial<\/a>.<\/p>\n<p>When Azure ATP is configured, you will be able to <a href=\"https:\/\/docs.microsoft.com\/en-us\/azure-advanced-threat-protection\/understanding-security-alerts\" target=\"_blank\" rel=\"noopener noreferrer\">manage security alerts<\/a> in the Security Alerts Timeline of the Azure ATP portal. Azure ATP security alerts provide tools to discover which suspicious activities were identified on your network and the actors and computers involved in the threats. 
Alerts are organized by threat phase, graded for severity, and color-coded to make them easy to visually filter.<\/p>\n<p><strong>Learn more<\/strong><\/p>\n<p>This completes our series, \u201cTop 10 actions to secure your environment.\u201d <a href=\"https:\/\/www.microsoft.com\/security\/blog\/security-deployment-3\/\" target=\"_blank\" rel=\"noopener noreferrer\">Review the entire series<\/a> for advice on setting up other Microsoft 365 security products, such as <a href=\"https:\/\/www.microsoft.com\/security\/blog\/2018\/12\/05\/step-1-identify-users-top-10-actions-to-secure-your-environment\/\" target=\"_blank\" rel=\"noopener noreferrer\">Azure AD<\/a> or <a href=\"https:\/\/www.microsoft.com\/security\/blog\/2019\/03\/26\/step-7-discover-shadow-it-and-take-control-of-your-cloud-apps-top-10-actions-to-secure-your-environment\/\" target=\"_blank\" rel=\"noopener noreferrer\">Microsoft Cloud App Security<\/a>.<\/p>\n<p><strong>Resources<\/strong><\/p>\n<p>READ MORE <a href=\"https:\/\/www.microsoft.com\/security\/blog\/2019\/06\/04\/step-10-detect-investigate-security-incidents-top-10-actions-secure-your-environment\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The \u201cTop 10 actions to secure your environment\u201d series outlines fundamental steps you can take with your investment in Microsoft 365 security solutions. In \u201cStep 10. Detect and investigate security incidents,\u201d you\u2019ll learn how to set up Azure Advanced Threat Protection to uncover threats against your organization.<br \/>\nThe post Step 10. Detect and investigate security incidents: top 10 actions to secure your environment appeared first on Microsoft Security. 
READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":27124,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[276],"tags":[6426,4620,6428],"class_list":["post-27123","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-microsoft-secure","tag-azure-security","tag-microsoft-cloud-app-security","tag-security-deployment"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Step 10. Detect and investigate security incidents: top 10 actions to secure your environment 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/step-10-detect-and-investigate-security-incidents-top-10-actions-to-secure-your-environment\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Step 10. Detect and investigate security incidents: top 10 actions to secure your environment 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/step-10-detect-and-investigate-security-incidents-top-10-actions-to-secure-your-environment\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2019-06-04T16:00:35+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/06\/step-10-detect-and-investigate-security-incidents-top-10-actions-to-secure-your-environment.png\" \/>\n\t<meta property=\"og:image:width\" content=\"614\" \/>\n\t<meta property=\"og:image:height\" content=\"413\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/step-10-detect-and-investigate-security-incidents-top-10-actions-to-secure-your-environment\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/step-10-detect-and-investigate-security-incidents-top-10-actions-to-secure-your-environment\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Step 10. 
Detect and investigate security incidents: top 10 actions to secure your environment\",\"datePublished\":\"2019-06-04T16:00:35+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/step-10-detect-and-investigate-security-incidents-top-10-actions-to-secure-your-environment\\\/\"},\"wordCount\":1075,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/step-10-detect-and-investigate-security-incidents-top-10-actions-to-secure-your-environment\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2019\\\/06\\\/step-10-detect-and-investigate-security-incidents-top-10-actions-to-secure-your-environment.png\",\"keywords\":[\"Azure Security\",\"Microsoft Cloud App Security\",\"Security deployment\"],\"articleSection\":[\"Microsoft Secure\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/step-10-detect-and-investigate-security-incidents-top-10-actions-to-secure-your-environment\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/step-10-detect-and-investigate-security-incidents-top-10-actions-to-secure-your-environment\\\/\",\"name\":\"Step 10. 
Detect and investigate security incidents: top 10 actions to secure your environment 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/step-10-detect-and-investigate-security-incidents-top-10-actions-to-secure-your-environment\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/step-10-detect-and-investigate-security-incidents-top-10-actions-to-secure-your-environment\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2019\\\/06\\\/step-10-detect-and-investigate-security-incidents-top-10-actions-to-secure-your-environment.png\",\"datePublished\":\"2019-06-04T16:00:35+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/step-10-detect-and-investigate-security-incidents-top-10-actions-to-secure-your-environment\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/step-10-detect-and-investigate-security-incidents-top-10-actions-to-secure-your-environment\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/step-10-detect-and-investigate-security-incidents-top-10-actions-to-secure-your-environment\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2019\\\/06\\\/step-10-detect-and-investigate-security-incidents-top-10-actions-to-secure-your-environment.png\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2019\\\/06\\\/step-10-detect-and-investigate-security-incidents-top-10-actions-to-secure-your-environm
ent.png\",\"width\":614,\"height\":413},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/step-10-detect-and-investigate-security-incidents-top-10-actions-to-secure-your-environment\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Azure Security\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/azure-security\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Step 10. Detect and investigate security incidents: top 10 actions to secure your environment\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence 
Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->"}