Email Template for “Microsoft 365 Defender has detected a threat”
Subject: Trofeo SOC Notification of a <Severity> Severity Defender Alert
Body:
Trofeo’s Security Operations received and reviewed the following alert from the Defender portal.
Client Name | Client name as shown in Defender portal |
Incident ID | Incident ID from Defender portal |
Severity | Severity from alert email or Defender portal |
Alert Name | Alert name from alert email or Defender portal |
Automated Investigation Status | Automated Investigation Status from the Defender portal. |
Recommended Actions for Client | Insert the most appropriate recommendation from the list below. If there is no appropriate recommendation in the list below, type up a recommended action based on the type of alert. |
Please review the alert and take any recommended actions. If you have any questions, please reply to this email.
Thank you.
Security Operations
******************************
Possible recommended actions which can be copied and pasted into the email body.
Device isolated. Follow up with user regarding steps to remediate device.
Device not isolated. Follow up with user associated with the device, if needed.
URL, email message, or file quarantined. No further action required.
User’s Microsoft 365 account should be reviewed to determine if it should be disabled or have the password reset.
Email Template for “New vulnerabilities notification from Microsoft Defender for Endpoint”
Subject: Trofeo SOC Notification of new vulnerabilities
Body:
Trofeo’s Security Operations received and reviewed a vulnerability email notification from the Defender portal.
Client Name | Client name as shown in Defender portal |
Notification Source | Vulnerability Management |
Number of CVEs in Notification | Enter a count of the number of CVEs listed in the email. |
Highest Severity | Highest level of severity in the email (since multiple CVEs may be included in the email). |
Notification Purpose | Microsoft Defender Vulnerability Management is configured to send the SOC an email notification when it detects one or more new vulnerabilities on one or more of your endpoints (devices), and the vulnerabilities have a medium or higher severity. |
Recommended Actions for Client | Please review the vulnerabilities in the Defender portal. Go to Vulnerability Management (under Endpoints in the left navigation). Within Vulnerability Management, navigate to the Weaknesses page. You may sort on the “First Detected” column to see the vulnerabilities most recently detected first. Vulnerability Management also provides recommendations. We recommend you review and perform remediation actions to remove the vulnerabilities. |
If you have any questions, please reply to this email.
Thank you.
Security Operations
Email Template for “Vulnerabilities have public disclosed exploit notification from Microsoft Defender for Endpoint”
Subject: Trofeo SOC Notification of vulnerabilities with publicly disclosed exploits
Body:
Trofeo’s Security Operations received and reviewed a vulnerability email notification from the Defender portal.
Client Name | Client name as shown in Defender portal |
Notification Source | Vulnerability Management |
Number of CVEs in Notification | Enter a count of the number of CVEs listed in the email. |
Highest Severity | Highest level of severity in the email (since multiple CVEs may be included in the email). |
Notification Purpose | Microsoft Defender Vulnerability Management is configured to send the SOC an email notification when it detects one or more vulnerabilities on one or more of your endpoints (devices), and the vulnerabilities have known or publicly disclosed exploits. The notification does not indicate your exposed endpoints have been exploited; it indicates exploits of the vulnerability have been reported. |
Recommended Actions for Client | Please review the vulnerabilities in the Defender portal. Go to Vulnerability Management (under Endpoints in the left navigation). Within Vulnerability Management, navigate to the Weaknesses page. You may sort on the “First Detected” column to see the vulnerabilities most recently detected first. You may also filter on the “Threats” column to see which vulnerabilities are associated with verified or available exploits. Vulnerability Management also provides recommendations. We recommend you review and perform remediation actions to remove the vulnerabilities. |
If you have any questions, please reply to this email.
Thank you.
Security Operations
Email Template for “Vulnerabilities have verified exploit notification from Microsoft Defender for Endpoint”
Subject: Trofeo SOC Notification of vulnerabilities with known, verified exploits
Body:
Trofeo’s Security Operations received and reviewed a vulnerability email notification from the Defender portal.
Client Name | Client name as shown in Defender portal |
Notification Source | Vulnerability Management |
Number of CVEs in Notification | Enter a count of the number of CVEs listed in the email. |
Highest Severity | Highest level of severity in the email (since multiple CVEs may be included in the email). |
Notification Purpose | Microsoft Defender Vulnerability Management is configured to send the SOC an email notification when it detects one or more vulnerabilities on one or more of your endpoints (devices), and the vulnerabilities have known or publicly disclosed exploits. The notification does not indicate your exposed endpoints have been exploited; it indicates exploits of the vulnerability have been reported. |
Recommended Actions for Client | Please review the vulnerabilities in the Defender portal. Go to Vulnerability Management (under Endpoints in the left navigation). Within Vulnerability Management, navigate to the Weaknesses page. You may sort on the “First Detected” column to see the vulnerabilities most recently detected first. You may also filter on the “Threats” column to see which vulnerabilities are associated with verified or available exploits. Vulnerability Management also provides recommendations. We recommend you review and perform remediation actions to remove the vulnerabilities. |
If you have any questions, please reply to this email.
Thank you.
Security Operations