Tag Archives: Microsoft Defender ATP
People who start working with Defender for Endpoint (MDE) often ask the question “where should I start when I see an alert in MDE?”. There is a lot of valuable information available in the portal to help judge whether an alert is a real incident or a false positive. Additionally, you can query the raw telemetry via KQL. But there is still a lot of room for interpretation. So, what should you do to get started? And what is even more important: how do I keep the overview?
Gundog provides you PowerShell-based guided hunting for Microsoft 365 Defender.
The big list of modern cloud identity protection.
There have been times when there was no answer to the question: “how can I block access to certain internet domains in the modern workplace scenario?” – Those times are over.
Let’s assume you just learned about this new vulnerability in VLC. Attackers can exploit it by sending .mkv files to your users via email. Pretty easy – pretty dangerous.
Sometimes isolating or blocking user actions (like downloads) is too restrictive – instead you just want to warn or ‘educate’ the user. At the same time, I don’t know too many IT pros that enjoy talking to their end-users (I think we all should, but this is another story). Today we will look into a flow-automation of Microsoft Defender Advanced Threat Protection (MDATP) alerts.
In the past, we could consume the MDATP API ‘on demand’ (pull) by PowerShell for example.
We could even do advanced hunting queries via the API.
However, pulling the data out of MDATP might introduce some delay in one or the other scenario, and the information from the advanced hunting results is limited to the last 30 days.
With the brand new ‘Streaming API’, Microsoft is offering a new approach to make data from MDATP available outside of the portal.
The new Unified Identity SecOps Experience brings together information from Azure ATP, Microsoft Cloud App Security (MCAS) and Azure AD Identity Protection.
In this blog post, we will look into the new UI and evaluate which value it has. However – as always – I am trying to add a little ‘spice’, and therefore we will build in some Mimikatz action. Be excited :-).
While talking about the protection mechanisms in modern cloud environments, one tends to forget the other side.
You must know your enemy in order to fight him successfully. Today we will build a lab to attack a modern Microsoft cloud environment that is protected by the brightest star on Microsoft’s security sky: Microsoft Defender ATP*.