Microsoft has recently announced that it has enabled automatic threat remediation in Microsoft Defender. This applies to the Endpoint users who have opted in to the public previews.
Its default automation level was set to ‘semi’, meaning that users were required to approve any remediation. For increased protection, it was set to ‘full’.
Such an investigation covers a list of entities associated with the alert, each classified as suspicious, malicious, or clean. The tech giant explains that this initiative will define, execute, and manage such actions without requiring intervention from security operations teams.
Source: SecurityWeek