u/Honest-Exam7756

Hi everyone,

I work in a start-up SOC, slowly maturing. We’ve taken on some high-level clients; it’s a boutique SOC and we’re doing great things in terms of automations and suppressions. We are predominantly Sentinel, Defender, Azure.

One thing that is killing me in Jira is the amount of phishing emails reported by one of our clients; it’s a massive client with almost 20k people. In Jira we’ve done as much as we can: our tickets are populated with sender, subject etc., user who reported, delivery location. However, this isn’t enough. I’ve a decent mind when it comes to engineering, but I’m 3 years in and have tonnes on my plate at the minute. I can use AI to give me a plan for this, but if senior engineers with experience could throw some suggestions out, I’d be really grateful.

TLDR - How to automate closure of benign phishing emails / emails reported from junk, automated containment, etc.

reddit.com
u/Honest-Exam7756 — 23 days ago