Automatically disrupt adversary-in-the-middle (AiTM) attacks with Microsoft XDR

Microsoft announced the expansion of automatic attack disruption to include adversary-in-the-middle (AiTM) attacks, in addition to the previously announced public preview for business email compromise (BEC) and human-operated ransomware attacks.

https://techcommunity.microsoft.com/t5/microsoft-365-defender-blog/automatically-disrupt-adversary-in-the-middle-aitm-attacks-with/ba-p/3821751


Automatically disrupt adversary-in-the-middle (AiTM) attacks with XDR

Microsoft has been on a journey to harness the power of artificial intelligence to help security teams scale more effectively. Microsoft 365 Defender correlates millions of signals across endpoints, identities, emails, collaboration tools, and SaaS apps to identify active attacks and compromised ass...


Microsoft Defender Threat Intelligence (Defender TI) is now available to licensed customers within the Microsoft 365 Defender (M365 Defender) portal, placing its powerful threat intelligence side-by-side with the advanced XDR functionality of M365 Defender.

Use Cases

➡ Advanced hunting with Defender TI IOCs against the logs and events within Microsoft 365 Defender

➡ Upload IOCs to a storage account / public GitHub

➡ Using the KQL externaldata operator as a correlation source, proactive hunting, and enabling custom detections on M365 Defender

➡ M365 Defender raw event detection

➡ M365D raw events flow into Sentinel with the M365 Defender data connector

➡ MDTI feeds flow into Sentinel with the MDTI data connector

➡ Manual TI correlation rule

https://techcommunity.microsoft.com/t5/microsoft-defender-threat/what-s-new-mdti-interoperability-with-microsoft-365-defender/ba-p/3799846


What’s New: MDTI Interoperability with Microsoft 365 Defender

Microsoft Defender Threat Intelligence (Defender TI) helps streamline security analyst triage, incident response, threat hunting, and vulnerability management workflows, aggregating and enriching critical threat information in an easy-to-use interface. At Microsoft Secure, we announced new features,...
