Category: Microsoft Defender XDR

  • Isolated an Endpoint? Automate tag adding and notifications

    If you are part of a big organization, you might need to reach out to some colleagues and teams when you isolate an endpoint. An end user will probably reach out to your help desk in order to find out whether there is an issue with her/his endpoint. Hence, you may want to spare some…

  • Harnessing threat intelligence using externaldata operator

    Having a Threat Intelligence Platform (TIP) to maintain Indicators of Compromise (IoCs) is something of a standard these days. However, not all organizations use a TIP such as MISP, but this shouldn’t prevent anyone from using threat intelligence feeds for hunting, especially when it comes to Microsoft Defender XDR. Table of Contents What are threat intelligence…

  • Operationalizing MITRE ATT&CK with Microsoft Security (Part 1)

    The MITRE ATT&CK framework has emerged as a cornerstone of modern cybersecurity, empowering organizations to navigate the complex world of cyber attacks with greater clarity and effectiveness. The ATT&CK matrix provides a comprehensive knowledge base of adversary tactics, techniques, and procedures (TTPs) that enable security teams to better understand, detect, and respond to sophisticated threats.…