SC-200 - Respond to Security Incidents - Section 2.5
Investigate Microsoft Defender for Endpoint device timelines, evidence, and entities.
Use the device timeline in Microsoft Defender for Endpoint to reconstruct the sequence of events on a compromised device, and examine evidence and entity pages to assess file, process, and network indicators. Review alerts and incidents in the device context and check device inventory details to understand exposure and patch state.
device timelines; evidence and entity investigation; alerts and incidents in Microsoft Defender for Endpoint; device inventory
Examworthy is not affiliated with or endorsed by Microsoft. Original, blueprint-aligned practice material only.