Use eBPF-based sensor for Microsoft Defender for Endpoint on Linux

eBPF-based sensor deployment in Microsoft Defender for Endpoint on Linux.

#M365D near real-time detections are now supported for the following tables

▫️CloudAppEvents
▫️IdentityDirectoryEvents
▫️IdentityLogonEvents
▫️IdentityQueryEvents

All other tables and more information can be found in the documentation 📃

https://learn.microsoft.com/en-us/microsoft-365/security/defender/custom-detection-rules?WT.mc_id=AZ-MVP-5004810#tables-that-support-continuous-nrt-frequency

Create and manage custom detection rules in Microsoft 365 Defender

Learn how to create and manage custom detection rules based on advanced hunting queries

Changes to Microsoft Defender for Office 365 #Sentinel connector

▫️ Improved sync of alerts and incidents
▫️ Increased number of alerts
▫️ Changes to the schema ⚠️

Disconnect and reconnect the connector to get the new behaviour

#M365D #MDO

https://learn.microsoft.com/en-us/azure/sentinel/whats-new?WT.mc_id=AZ-MVP-5004810#changes-to-microsoft-defender-for-office-365-connector-alerts-that-apply-when-disconnecting-and-reconnecting

What's new in Microsoft Sentinel

Learn about the latest new features and announcements in Microsoft Sentinel from the past few months.

Defender for Identity release 2.207

Silent installations now support an AccessKeyFile parameter, so the workspace access key is read from a file instead of being passed as AccessKey on the command line (where it would be visible in process listings and command-line auditing)

#MDI #M365D #security #AD

https://learn.microsoft.com/en-us/defender-for-identity/install-sensor?WT.mc_id=AZ-MVP-5004810#defender-for-identity-sensor-silent-installation

Install the sensor - Microsoft Defender for Identity

Learn how to install the Microsoft Defender for Identity sensors on your domain controllers.

Incident Response: Investigating a Ransomware Incident Pt 1 | Virtual Ninja Training w/ Heike Ritter

YouTube

Microsoft Defender for Identity Recommended Actions: Unsecure Account Attributes https://rodtrent.com/f26

#MicrosoftDefender #Security #MicrosoftSecurity #Cybersecurity #M365D

Microsoft Defender for Identity Recommended Actions: Unsecure Account Attributes

Microsoft Secure Score helps organizations get insights into security posture based on security-related measurements. Microsoft Defender for Identity leverages Secure Score with fourteen recommende…

Microsoft Security Blog

Mastering Microsoft Defender Threat Intelligence: Detonation Intelligence File Hash and URL Search https://rodtrent.com/cg5

#MicrosoftDefender #Security #MicrosoftSecurity #Cybersecurity #M365D #MicrosoftThreatIntelligence

Mastering Microsoft Defender Threat Intelligence: Detonation Intelligence File Hash and URL Search

YouTube

Taking Actions on MDE Devices via PowerShell and MDE API

Disclaimer: The information posted in this blog and on this website are not necessarily reflective of the views or recommendations of Microsoft. Though I am an employee of Microsoft, this is consid…

Security Occupied

DCA-DetectAADInternalsUse.kql - Detect AADInternals use, where we see a domain changed from managed to federated, and the issuer contains any.sts or the issuer suffix is 8 characters, a combination of letters and numbers

https://rodtrent.com/9li

#MicrosoftDefender #Security #MicrosoftSecurity #Cybersecurity #M365D #KQL #MustLearnKQL

Sentinel-Queries/Defender for Cloud Apps/DCA-DetectAADInternalsUse.kql at main · reprise99/Sentinel-Queries

Collection of KQL queries. Contribute to reprise99/Sentinel-Queries development by creating an account on GitHub.

GitHub
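The query description above gives the whole detection logic in one sentence; the following is an added example (not the query from reprise99's repository, and not Microsoft code) that applies that logic to a handful of constructed federation-change records. The record field names (Domain, OldAuthentication, NewAuthentication, IssuerUri, Actor) are simplified assumptions, not the CloudAppEvents schema, and the sample events are made up for the demonstration.

```python
"""Flag managed-to-federated domain changes whose issuer looks like an
AADInternals backdoor (ConvertTo-AADIntBackdoor). Added example; field names
are assumptions, not the real CloudAppEvents schema."""
import re

# AADInternals' default backdoor issuer has the shape http://any.sts/<8 random chars>.
SUSPICIOUS_ISSUER_HOST = "any.sts"
# Loose reading of "8 characters, letters and numbers": exactly 8 alphanumerics.
RANDOM_SUFFIX = re.compile(r"[A-Za-z0-9]{8}")


def issuer_reason(issuer: str):
    """Return why an issuer URI looks like AADInternals, or None if it does not."""
    if not issuer:
        return None
    if SUSPICIOUS_ISSUER_HOST in issuer.lower():
        return "issuer contains any.sts"
    # Last path segment of the issuer URI, ignoring any trailing slash.
    suffix = issuer.rstrip("/").rsplit("/", 1)[-1]
    if RANDOM_SUFFIX.fullmatch(suffix):
        return "issuer suffix is 8 alphanumeric characters"
    return None


def managed_to_federated(event: dict) -> bool:
    """True only for the direction the detection cares about: Managed -> Federated."""
    return (event.get("OldAuthentication", "").lower() == "managed"
            and event.get("NewAuthentication", "").lower() == "federated")


def detect_aadinternals_federation(events):
    """Return one finding per event where BOTH conditions hold: the domain was
    flipped from managed to federated AND the issuer matches the AADInternals pattern."""
    findings = []
    for ev in events:
        if not managed_to_federated(ev):
            continue
        reason = issuer_reason(ev.get("IssuerUri", ""))
        if reason is None:
            continue
        findings.append({
            "Domain": ev["Domain"],
            "Actor": ev.get("Actor"),
            "IssuerUri": ev["IssuerUri"],
            "Reason": reason,
        })
    return findings


# Constructed sample events (not real audit data).
SAMPLE_EVENTS = [
    # Classic AADInternals backdoor: managed -> federated with the default issuer.
    {"Domain": "contoso.com", "Actor": "admin@contoso.com",
     "OldAuthentication": "Managed", "NewAuthentication": "Federated",
     "IssuerUri": "http://any.sts/B5ujgPIY"},
    # Customised issuer host, but the 8-character random suffix gives it away.
    {"Domain": "partner.contoso.com", "Actor": "admin@contoso.com",
     "OldAuthentication": "Managed", "NewAuthentication": "Federated",
     "IssuerUri": "https://sts.contoso.com/Xy7Kp2Qa"},
    # Legitimate AD FS federation: expected issuer shape, must not fire.
    {"Domain": "corp.contoso.com", "Actor": "admin@contoso.com",
     "OldAuthentication": "Managed", "NewAuthentication": "Federated",
     "IssuerUri": "http://adfs.contoso.com/adfs/services/trust"},
    # Domain converted back to managed: wrong direction, must not fire even
    # though the issuer string itself is suspicious.
    {"Domain": "old.contoso.com", "Actor": "admin@contoso.com",
     "OldAuthentication": "Federated", "NewAuthentication": "Managed",
     "IssuerUri": "http://any.sts/Qq1Ww2Ee"},
]


if __name__ == "__main__":
    for finding in detect_aadinternals_federation(SAMPLE_EVENTS):
        print(f"{finding['Domain']:<22} {finding['Reason']:<42} {finding['IssuerUri']}")
```

Two of the four constructed events fire (contoso.com and partner.contoso.com); the AD FS issuer and the federated-to-managed change do not. The 8-alphanumeric-suffix check is deliberately loose and will also match an honest issuer whose last path segment happens to be eight characters, so in production it is the any.sts match that should carry the higher severity.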

🔥 Hot off the press: "Microsoft Defender Weekly Wrap - Issue #80" https://rodtrent.com/792 (via Substack.com) #Defender #M365D #DefenderforCloud #Security #MicrosoftSecurity #Cybersecurity #MicrosoftThreatIntelligence
Microsoft Defender Weekly Wrap - Issue #80

Dried hard

Microsoft Defender Weekly Wrap