2.1.13 Ensure malware trends are reviewed at least weekly

Information

Threat explorer shows specific instances of Microsoft blocking a malware attachment from reaching users, phishing being blocked, impersonation attempts, etc. The report should be reviewed at least weekly.

Rationale:

While this report isn't strictly actionable, reviewing it will give a sense of the overall volume of various security threats targeting users, which may prompt adoption of more aggressive threat mitigations.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

To remediate using the UI:

Navigate to Microsoft 365 Defender https://security.microsoft.com.

Click to expand Email & collaboration select Review.

Select Malware trends.

On the Threat Explorer page, select each tab to review statistics.

See Also

https://workbench.cisecurity.org/benchmarks/15279

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-6, 800-53|AU-6(1), 800-53|AU-7(1), CSCv7|6.2

Plugin: microsoft_azure

Control ID: 399a11735d6807f0df013ec17463a7b698fd996135639aa4525a3118c21c9572