Tagged: Microsoft 365 Defender
Microsoft Defender for Identity Group recently released Active Directory Certificate Services (AD CS) support and expanded its coverage with a new AD CS sensor! Great milestone. Like other sensor types in Microsoft Defender for Identity,...
Threat Hunting in the Cloud differs from Legacy Threat Hunting (on-premises). Change my Mind. This post, among many others in the “Cloud Threat Hunting” series, will take you into Cloud Threat Hunting and its “little things”...
This post is updated constantly with queries from the field about the Microsoft 365 Defender. Some of the queries are standard, and others are advanced. Additionally, I’m breaking down the queries into building blocks and explanations.
How do you investigate security incidents in Active Directory? Is the investigation only at the Active Directory level, or does it also include the endpoint? Is it through an interface or a CLI? Adversaries love Active Directory, and...
Integrated threat protection from Microsoft will empower your organization’s defenders by putting the right tools and intelligence in the hands of the right people. Get insights across your entire environment with Azure Sentinel. Use integrated, automated,...
While working with security incidents, the primary key is information. Things like important details, logs, data sources, the correlation between all the data, and the signals – all of these are valuable when hunting and searching...