Incident response overview.

Incident response is the practice of investigating and remediating active attack campaigns on your organization. This is part of the security operations discipline and is primarily reactive in nature. Incident response has the largest direct influence on the overall mean time to acknowledge (MTTA) and mean time to remediate (MTTR) that measure how well security operations are able to reduce organizational risk. Incident response teams heavily rely on good working relationships between threat hunting, intelligence, and incident management teams (if present) to actually reduce risk. See SecOps metrics for more information.

— Lees op docs.microsoft.com/en-us/security/compass/incident-response-overview