Oh, this was weird. Defender is tagging streaming.infosec.exchange as a C2 at work. Have you ever seen Defender do this @jerry?
@djchateau yeah, someone reported the same thing this morning. It appears to be a false positive. I don’t really know how to get it delisted though

@jerry @djchateau

https://threatvault.paloaltonetworks.com/

Granted, this mostly relates to URL filtering on firewalls... I have no idea where XDR gets its ideas from.

*edit - the more details link does NOT contain any more details.

@jerry @djchateau

Nothing but allows on my instance

@jerry @djchateau Also XDR as I was looking at stuff

Alert Name: Uncommon IP Configuration Listing via ipconfig.exe
Alert id: [REDACTED]
Severity: Low
Source: XDR Analytics BIOC
Category: Discovery
Action: Detected
Description: The 'ipconfig' command was executed on [REDACTED] to list the IP configuration for all devices. Child process command line: ipconfig  /all. The command line was seen on 0 hosts in the last 30 days
Host: [REDACTED]
@kajer @djchateau I think it’s specific to MS Defender. I’m guessing one of their agents saw some post that looked malicious and, when paired with it coming in via a web socket, made the determination it’s malicious.
kajer :notverified: (@[email protected])

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

@jerry @djchateau @ap whoa, now EICAR gets markdown!?
@jerry @kajer @djchateau If one data point means anything, I'm running all the Defender E5 stuff and nothing's tripping for me.