Microsoft has recently announced that it is enabling automatic threat remediation in Microsoft Defender for Endpoint, for users who have opted into public previews.
The default automation level was set to ‘semi’, meaning that users were required to approve any remediation. For increased protection, it has now been set to ‘full’.
The investigation concerns a list of entities associated with the alert, each classified as malicious, suspicious, or clean. The tech giant explains that the remediation plan will define, execute, and manage remediation actions, without requiring intervention from security operations teams.
Source: SecurityWeek