#defenderxdr — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #defenderxdr, aggregated by home.social.
-
When Defender XDR is broken and useless, you could play with the acronym. Here are some tongue-in-cheek expansions of XDR that imply it doesn’t work:
- Extremely Disappointing Results
- eXtra Downtime & Regret
- Expect Delays, Reboots
- Xpect Daily Restarts
- Experimental Disaster Response
- X-tremely Dysfunctional Resource
- Excessive Debugging Required
Which one is your favorite?
#DefenderXDR
-
Yes, Microsoft. This is exactly what I want to see when I'm responding to an incident. Let's take the time so you can tell me how great Defender XDR is. Much better use of my time than responding to the incident.
-
Narrator: Early morning, on a sunny Friday, our hero opens #DefenderXDR
Me: Cool no incidents.
Narrator: Couple hours later
Me: Oh there is a new incident!
Narrator: Continues checking the incident details, including the creation date...
ME: THREE DAYS AGO WFT?!
-
It seems my teammates still have time to work, so they must be able to look at even more applicants for this #SOC analyst role in Switzerland!
https://recruitingapp-2563.umantis.com/Vacancies/515/Description/1
-
I'm going to curse out Movistar and La Liga, because this seems like too much of a coincidence. I have hundreds of alerts in Defender XDR from hundreds of machines contacting C&C, and when I investigate the IPs I see that they are CDNs and that they belong to #Cloudflare. We haven't screwed up and blocked these IPs ourselves, so it has to come from Microsoft, from its intel, which for some reason has identified them as C2.
And here is what I suspect: I hope La Liga's blocks haven't started affecting third parties, security vendors, who in sharing intel have included those Cloudflare IPs as malicious. Because I can't find any other explanation, unless there's some oaf at Microsoft blocking what he shouldn't. And on a Friday on top of that, what a coincidence too.
-
Do you use Microsoft Defender for Endpoint? If so, do you have full automation enabled for MDE’s Automated Investigation and Remediation (AIR) feature? You should. Great feature and I’ve never seen a false positive. #cybersecurity #microsoft #DefenderXDR
https://learn.microsoft.com/en-us/defender-endpoint/automation-levels
-
I am working on my #AzColorizer browser extension to include support for colorizing the #DefenderXDR portal and I just accidentally colorized all the buttons, and it LOOKS 🔥
What do you think?
The use case here is that in multi-tenant situations the colors could be set for every tenant and the color would change when you switch to another organization.
-
Microsoft has announced that its Defender for Endpoint and Defender for Identity now support local data residency in India. This move is part of Microsoft's commitment to aligning with local data sovereignty requirements, enabling customers to onboard confidently knowing their data will remain within the Indian boundary. This helps them meet regulatory obligations and maintain control over their data.
In addition to India, these services are also available in the United States, European Union, United Kingdom, Australia, and Switzerland. New deployments are automatically created in the Azure region closest to your location. Existing customers can check their deployment geo within the portal or contact Customer Service and Support for a tenant reset if they want to update their service location. For more information on this topic or how you can benefit from it as a customer or potential user of Microsoft's services visit [this link](https://techcommunity.microsoft.com/t5/microsoft-defender-xdr-blog/host-microsoft-defender-data-locally-in-switzerland/ba-p/4141490).
Post generated with the help of Azure OpenAI GPT4 🤖 #msftadvocate #M365Defender #DefenderXDR https://techcommunity.microsoft.com/t5/microsoft-defender-xdr-blog/host-microsoft-defender-data-locally-in-india/ba-p/4215053
-
Registration is now open for our Defender XDR Learning Group!
This learning group will be exploring subject areas encompassing Defender XDR with the M365 Business Premium license. Starting in August, we’ll be meeting every other week on Thursdays for 10 sessions to discuss chapter content, test configurations and deployments, and work in our lab tenant(s).
#m365 #Microsoft365BusinessPremium #defenderXDR
https://www.thirdtier.net/product/learning-defender-group/
-
Australia and USA time zones! We're going to be holding class for 20 hours over the course of 6 months to learn, test and develop SOPs. Plenty of time to soak it in. Register now.
https://www.thirdtier.net/product/learning-defender-group/
#M365 #microsoft365 #defenderxdr #microsoftdefender
-
The For M365 admins newsletter is all about catching up with Defender XDR. There will not be a newsletter next week as I continue my holiday. But trust me, there's plenty of reading here. And then be sure to sign up for our 10-session course to not only learn but to build your deployment SOP.
https://pblc.me/pub/6656c9bacd9d94
#microsoft365 #defenderXDR #cybersecurity
-
For M365 Admins - Recovery. This week's newsletter. Focus on cyber incident recovery. What Microsoft is offering different industries. Third Tier's Defender XDR course is open for registration. #Micrososft365 #M365 #cybersecurity #DefenderXDR #M365BusinessPremium @msftnews https://pblc.me/pub/4d687b93deb637
-
Registration is now open for our Defender XDR Learning Group!
This learning group will be learning and exploring subject areas encompassing Defender XDR with the M365 Business Premium license. Starting in August, we’ll be testing configurations and deployments, and working in our lab tenant(s). The sessions will be recorded, and we may build some shared best practice guides and SOPs as an outgrowth of our work together.
#m365 #Microsoft365BusinessPremium #defenderXDR
https://www.thirdtier.net/product/learning-defender-group/
-
This week, in the for M365 admins newsletter, the focus is on preventing Token theft. In the news, I also share information you need to know to help your clients use Copilot and other AI services.
#entraID #cybersecurity #DefenderXDR #AI
https://pblc.me/pub/9496c3045ee76e
-
This week's M365 admin newsletter is out! Here's your link. There's a sign-up at the bottom if you'd like to get it in your Inbox each Monday. https://pblc.me/pub/64300c943bf0fb
#microsoft365 #MSP #MSSP #entraID #Intune #DefenderXDR #copilot
-
Made a thing for poking around sigma rules https://adonm.github.io/stlite-apps/apps/sigmatron.html including conversion to defender kql
Source is up https://github.com/adonm/stlite-apps/blob/main/apps/sigmatron.py (less than 100 lines!), streamlit lite is quite nice to play with
rules are grabbed from here - https://github.com/SigmaHQ/sigma
-
𝐂𝐨𝐩𝐢𝐥𝐨𝐭 𝐟𝐨𝐫 𝐒𝐞𝐜𝐮𝐫𝐢𝐭𝐲: 𝐞𝐥𝐞𝐦𝐞𝐧𝐭𝐬 𝐨𝐟 𝐚𝐧 𝐞𝐟𝐟𝐞𝐜𝐭𝐢𝐯𝐞 𝐩𝐫𝐨𝐦𝐩𝐭
From the "Get started with Microsoft Copilot for Security" online training, I highlight this interesting in-depth analysis.
𝐄𝐟𝐟𝐞𝐜𝐭𝐢𝐯𝐞 𝐩𝐫𝐨𝐦𝐩𝐭𝐬 give Copilot adequate and useful parameters to generate a valuable response. Security analysts or researchers should include the following elements when writing a prompt.
💡 𝐆𝐨𝐚𝐥 - specific, security-related information that you need
💡𝐂𝐨𝐧𝐭𝐞𝐱𝐭 - why you need this information or how you'll use it
💡𝐄𝐱𝐩𝐞𝐜𝐭𝐚𝐭𝐢𝐨𝐧𝐬 - format or target audience you want the response tailored to
💡𝐒𝐨𝐮𝐫𝐜𝐞 - known information, data sources, or plugins Copilot should use
At this link other prompting tips:
Full training: https://learn.microsoft.com/en-us/training/paths/security-copilot-and-ai/
#copilot #copilotforsecurity #securitycopilot #microsoft #microosoftsecurity #llm #openai #azureopenai #llmapps #soc #generativeai #genai #cybersecurity #azure #cloudsecurity #cloudnative #defender #sentinel #microsoftsentinel #xdr #defenderxdr #prompt #promptengineering
-
𝐄𝐱𝐩𝐥𝐨𝐫𝐢𝐧𝐠 𝐭𝐡𝐞 𝐧𝐞𝐰 𝐈𝐓𝐃𝐑 𝐞𝐱𝐩𝐞𝐫𝐢𝐞𝐧𝐜𝐞 𝐰𝐢𝐭𝐡𝐢𝐧 𝐌𝐢𝐜𝐫𝐨𝐬𝐨𝐟𝐭 𝐃𝐞𝐟𝐞𝐧𝐝𝐞𝐫
The new ITDR dashboard is designed to provide SOC professionals with a single, prioritized view of Identity-specific security information and recommendations.
For more information, see:
#itdr #defender #defenderxdr #identity #security #microsoft #microsoftsecurity #mdi #entraid #azuread #Identitythreatdetection #cloud #cloudsecurity #soc #cloudnative
-
𝐌𝐚𝐧𝐚𝐠𝐞 𝐲𝐨𝐮𝐫 𝐝𝐞𝐯𝐢𝐜𝐞𝐬 𝐰𝐢𝐭𝐡 𝐞𝐚𝐬𝐞 𝐮𝐬𝐢𝐧𝐠 𝐝𝐲𝐧𝐚𝐦𝐢𝐜 𝐫𝐮𝐥𝐞𝐬 𝐟𝐨𝐫 𝐝𝐞𝐯𝐢𝐜𝐞 𝐭𝐚𝐠𝐠𝐢𝐧𝐠 𝐢𝐧 𝐌𝐢𝐜𝐫𝐨𝐬𝐨𝐟𝐭 𝐃𝐞𝐟𝐞𝐧𝐝𝐞𝐫
We are excited to announce that dynamic rules for tagging devices are now generally available. This feature enables security teams to create and manage rules that automatically assign and remove tags from devices based on user-defined criteria directly in the Microsoft Defender portal.
Dynamic tags:
- simplify tag management,
- reduce manual efforts,
- facilitate efficient device tracking,
- simplify compliance by automatically categorizing non-compliant devices
#edr #xdr #defender #defenderxdr #microsoft365defender #endpoint #management #tag #device #compliance #microsoft #microsoftsecurity #soc #cloudsecurity #cloud #cloudnative
-
Get the e-book, 𝐓𝐡𝐞 𝐏𝐚𝐭𝐡 𝐭𝐨 𝐀𝐈: 𝐏𝐚𝐯𝐞 𝐭𝐡𝐞 𝐰𝐚𝐲 𝐟𝐨𝐫 𝐩𝐨𝐰𝐞𝐫𝐟𝐮𝐥 𝐜𝐲𝐛𝐞𝐫𝐬𝐞𝐜𝐮𝐫𝐢𝐭𝐲 𝐀𝐈 𝐰𝐢𝐭𝐡 𝐢𝐧𝐭𝐞𝐠𝐫𝐚𝐭𝐞𝐝 𝐗𝐃𝐑 𝐚𝐧𝐝 𝐒𝐈𝐄𝐌
You'll find information about:
➡ 𝐓𝐡𝐞 𝐏𝐚𝐭𝐡 𝐭𝐨 𝐀𝐈: how integrated XDR and SIEM can help organizations prepare for using generative AI cybersecurity tools such as Microsoft Security Copilot.
➡𝐓𝐡𝐞 𝐂𝐡𝐚𝐥𝐥𝐞𝐧𝐠𝐞𝐬 𝐨𝐟 𝐂𝐲𝐛𝐞𝐫𝐬𝐞𝐜𝐮𝐫𝐢𝐭𝐲: the common problems that security teams face, such as increasing attacks, expanding attack surfaces, talent shortage, and tool complexity.
➡𝐓𝐡𝐞 𝐁𝐞𝐧𝐞𝐟𝐢𝐭𝐬 𝐨𝐟 𝐈𝐧𝐭𝐞𝐠𝐫𝐚𝐭𝐞𝐝 𝐗𝐃𝐑 𝐚𝐧𝐝 𝐒𝐈𝐄𝐌: how combining XDR and SIEM can provide end-to-end visibility, speed, accuracy, and efficiency for security operations, as well as reducing costs and risks.
➡𝐓𝐡𝐞 𝐏𝐨𝐭𝐞𝐧𝐭𝐢𝐚𝐥 𝐨𝐟 𝐆𝐞𝐧𝐞𝐫𝐚𝐭𝐢𝐯𝐞 𝐀𝐈: Microsoft Security Copilot, the first generative AI security analysis tool, and how it can amplify security operations with natural language prompts, insights, guidance, and predictions.
➡𝐓𝐡𝐞 𝐍𝐞𝐱𝐭 𝐒𝐭𝐞𝐩𝐬 𝐭𝐨 𝐓𝐚𝐤𝐞: explore deployment options and learn more about Microsoft’s SIEM and XDR solutions and Security Copilot.
https://info.microsoft.com/ww-landing-the-path-to-ai.html
#generativeai #genai #ai #xdr #siem #defenderxdr #defender #sentinel #soar #cybersecurity #cloudnative #cloudsecurity #security #copilot #securitycopilot #microsoft #microsoftsecurity #soc
-
𝐁𝐞𝐜𝐨𝐦𝐞 𝐚 𝐌𝐢𝐜𝐫𝐨𝐬𝐨𝐟𝐭 𝐔𝐧𝐢𝐟𝐢𝐞𝐝 𝐒𝐎𝐂 𝐏𝐥𝐚𝐭𝐟𝐨𝐫𝐦 𝐍𝐢𝐧𝐣𝐚
We are bringing together Microsoft Sentinel and Defender XDR to deliver the most optimized and unified security operations platform.
It's time to update with a new Ninja training. 🥋
Note: The integration of Microsoft Sentinel into the Defender portal is currently in private preview.
#microsoft #microsoftsecurity #sentinel #microsoftsentinel #siem #soar #xdr #defenderxdr #soc #defender #azure #cybersecurity #training #hunting #automation #cloudsecurity #cloudnative