home.social

#advancedhunting — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #advancedhunting, aggregated by home.social.

  1. Stay ahead in the world of cybersecurity with the latest advancements in network protection! 🛡️ Microsoft Defender for Endpoint is continuously evolving to provide comprehensive security for your network environment.

    🔍 New Signatures for SSL, DNS, and NTLM Protocols

    We're excited to announce that we've added new signatures for SSL, DNS, and NTLM protocols. These signatures enhance our ability to detect and respond to potential threats, bolstering your network's defense against evolving cyberattacks.

    🚨 Deprecation of "NetworkSignaturesInspected" Signatures

    Starting July 18, 2023, we will be deprecating a subset of signatures found in the "NetworkSignaturesInspected" action type of Advanced Hunting. Our integration with Zeek has led to more comprehensive network visibility, allowing us to consolidate signatures and provide you with a more streamlined experience.

    🚀 Zeek Integration Unleashes New Capabilities

    Our integration with Zeek has revolutionized network threat detection. With Zeek's advanced protocol parsing capabilities, we now offer enhanced visibility into network sessions, enabling us to identify anomalies and threats more effectively. This empowers you to take proactive measures against potential breaches.

    🔗 Expanded Query Possibilities

    The Zeek integration brings a wealth of opportunities for advanced hunting. From HTTP and SSH connections to ICMP and SSL sessions, you can now execute more intricate queries to uncover potential vulnerabilities and malicious activities.

    💡 Actionable Insights from Protocol Data

    Whether it's identifying suspicious user agents, detecting file downloads from HTTP, or even spotting potential ping scans, our advanced hunting examples showcase the power of Zeek-based events in uncovering threats that might go unnoticed.

    🌐 Leveraging SSL and DNS Insights

    Our SslConnectionInspected and DnsConnectionInspected action types provide detailed information about SSL and DNS connections, both inbound and outbound. These insights allow you to monitor network activity and identify potential risks associated with these protocols.

    🔒 Securing NTLM Traffic

    The introduction of the NtlmAuthenticationInspected action type allows you to track NTLM authentication events on managed endpoints. This invaluable data aids in monitoring and securing NTLM traffic, ensuring a strong defense against unauthorized access.

    Stay vigilant and up-to-date with these enhancements to Microsoft Defender for Endpoint. By harnessing the power of Zeek integration and these advanced action types, you're empowered to defend your network against even the most sophisticated threats.

    techcommunity.microsoft.com/t5

    #Cybersecurity #NetworkProtection #MicrosoftDefender #AdvancedHunting #ThreatDetection #zeek #edr #xdr #microsoft #azure #cloud #cloudnative
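An added example, not part of the post above and not Microsoft's own sample code: a KQL Advanced Hunting query that baselines the three Zeek-based action types the post names (SslConnectionInspected, DnsConnectionInspected, NtlmAuthenticationInspected) per device before any narrower detection is written on top of them. It assumes the documented DeviceNetworkEvents schema (Timestamp, DeviceName, ActionType, RemoteIP, RemotePort, AdditionalFields); the 7-day window and the ordering are arbitrary choices for illustration.

```kql
// Added example (not from the post): baseline which endpoints emit the
// SSL / DNS / NTLM inspection events, how many, and to how many remote hosts.
// Assumes the standard DeviceNetworkEvents columns; action type names are
// the ones the post lists.
DeviceNetworkEvents
| where Timestamp > ago(7d)
| where ActionType in ("SslConnectionInspected",
                       "DnsConnectionInspected",
                       "NtlmAuthenticationInspected")
// AdditionalFields carries the protocol-specific detail as JSON; keep it
// parsed so the result can be drilled into without a second query.
| extend Details = parse_json(AdditionalFields)
| summarize Events     = count(),
            RemoteHosts = dcount(RemoteIP),
            FirstSeen  = min(Timestamp),
            LastSeen   = max(Timestamp),
            SamplePorts = make_set(RemotePort, 5)
          by DeviceName, ActionType
// Devices with many NTLM events to many distinct remote hosts are the
// first candidates to review for legacy authentication exposure.
| order by ActionType asc, RemoteHosts desc, Events desc
```

Run it once per tenant to see the volume each action type produces; the per-device NTLM row counts are what a follow-up detection (for example, NTLM authentication to a remote host a device has never contacted before) would be tuned against.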

  2. Discovering internet-facing devices using Microsoft Defender for Endpoint

    MDE is expanding device discovery capabilities through our existing network telemetry and RiskIQ integration.

    Find out how to discover your internet-facing devices through Microsoft 365 Defender portal and Advanced Hunting.

    techcommunity.microsoft.com/t5

    #mde #edr #xdr #discovery #easm #riskiq #microsoftsecurity #microsoft365defender #advancedhunting #hunting #kql #soc #securityplatform #secops #network #discovery #microsoft #cloudsecurity

  3. Hunting - Office 365 Unified Audit Log

    "This is a key data source in any cloud investigation because it contains a record of all the activity that has occurred in Office 365 and Azure Active Directory."

    "If we use this resource correctly, it can help us build a full story of a threat actor’s activity in Office 365."

    techcommunity.microsoft.com/t5

    #hunting #advancedhunting #office365 #microsoft365 #sentinel #microsoftsentinel #casb #xdr #Azure #microsoft #microsoftsecurity #audit #ual #AzureActiveDirectory #Exchange #OneDrive #DefenderforCloudApps #siem #soar #cloud #cloudsecrity #data #kql