SOC Casefile: Microsoft 365 Account Compromise Investigation.

Introduction. A SOC investigation following a compromised user typically takes between 45 minutes and 3 hours, depending on the volume of user activity, the quality of available audit data, the complexity of the attacker’s behaviour and whether any s...