Tagged: Microsoft 365 Defender
This post is updated constantly with queries from the field about Microsoft 365 Defender. Some of the queries are standard, and others are advanced. Additionally, I’m breaking down the queries into building blocks and explanations.
How do you investigate security incidents in Active Directory? Is the investigation only at the Active Directory level, or may it include the endpoint? Is it through an interface or CLI? Adversaries love Active Directory,...
Integrated threat protection from Microsoft will empower your organization’s defenders by putting the right tools and intelligence in the hands of the right people. Get insights across your entire environment with Azure Sentinel. Use integrated,...
When working with security incidents, information is key. Important information, logs, data sources, correlation between all data, and the signals: all of these are valuable when hunting and...