"Public preview of near real-time custom detections in Microsoft 365 Defender.
You can now create custom detection rules that run in near real-time, in addition to existing frequencies ranging from every 24 hours to every hour. These detections can be integrated with the broad set of Microsoft 365 Defender across email, endpoint, and identity, leading to faster response times and faster mitigation of threats.
This new frequency will be available in Microsoft 365 Defender as Continuous (NRT). "
#microsoftsecurity #microsoft365 #microsoft #defender #microsoft365defender #xdr #nrt #nearrealtime #detection #soc #azure #cloud #cloudsecurity #analyst #securityanalyst #cybersecurity
Adversary-in-the-middle (AiTM) phishing is capable of circumventing multifactor authentication (MFA) through reverse-proxy functionality.
Dig into an example of a real-life attack and explore how to mitigate these types of attacks.
#AiTM #mfa #2fa #multifactorauthentication #azure #azuread #azureactivedirectory #defender #xdr #microsoft365defender #microsoft #microsoftsecurity #microsoft365 #conditionalaccess #antiphishing #sentinel #microsoftsentinel #identity #identityprotection #reverseproxy #cybersecurity #iam #iag #ueba #credentialtheft #phishing #soc #securityanalyst #monitoring #risk
📢 The near real-time frequency for custom detection rules with #Microsoft365Defender advanced hunting is now available in preview. The updated documentation highlights the #AdvancedHunting tables supported for continuous rule detection:
https://learn.microsoft.com/en-us/microsoft-365/security/defender/custom-detection-rules
#microsoft365defender #advancedhunting
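The two posts above announce the Continuous (NRT) frequency but do not show what a rule looks like. The query below is an added example, not code from the original posts or from Microsoft's documentation. It is shaped so it can be saved as a custom detection rule: a custom detection must return Timestamp, ReportId and at least one entity column (DeviceId here) so the alert can be attributed to a device; the remaining columns are analyst context. The choice of DeviceProcessEvents, the parent-process exclusion and the omission of an ago() time filter are assumptions: confirm against the table and operator restrictions for NRT in the linked documentation before selecting that frequency.

```kql
// Added example: encoded PowerShell launched from an unexpected parent,
// written as a single-table query so it stays within the NRT restrictions
// (assumption: DeviceProcessEvents is NRT-eligible in your tenant).
DeviceProcessEvents
| where FileName in~ ("powershell.exe", "pwsh.exe")
// has_any is case-insensitive and term-based; extend the list for the
// abbreviated forms PowerShell accepts (-e, -ec, ...) once you have tuned noise.
| where ProcessCommandLine has_any ("-enc", "-EncodedCommand", "FromBase64String")
// Placeholder allow-list of parents that legitimately launch encoded commands;
// replace with what your own environment shows as benign.
| where InitiatingProcessFileName !in~ ("explorer.exe")
// Timestamp, ReportId and DeviceId are mandatory for a custom detection rule.
| project Timestamp, ReportId, DeviceId, DeviceName, AccountName,
          FileName, ProcessCommandLine,
          InitiatingProcessFileName, InitiatingProcessCommandLine
```

Run it in advanced hunting first over a few days of data to check the volume, then save it as a custom detection and pick Continuous (NRT) as the frequency; if the portal rejects the table or an operator for NRT, that is the restriction the linked documentation describes and the rule has to fall back to an hourly schedule.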
The #Microsoft365Defender team collected a 3-phase guide & implementation checklists against #ransomware:
1️⃣ Prepare recovery plan
2️⃣ Protect privileged roles + improve detection & response
3️⃣ Improve identity, e-mail & endpoint security
https://learn.microsoft.com/en-us/security/ransomware/protect-against-ransomware
#microsoft365defender #ransomware #M365D #mdo #MDE #azuread
Gartner has recognized Microsoft as a Leader in the 2022 Gartner® Magic Quadrant™ for Endpoint Protection Platforms.
Great news!
Report: https://www.gartner.com/doc/reprints?id=1-2AJ91JO6&ct=220707&st=sb
#microsoft #gartner #mq #epp #edr #leader #xdr #microsoft365defender #mde #azure #cloud #cloudsecurity #mitre #endpointprotection #cybersecurity
Automatic disruption of Ransomware and BEC attacks with Microsoft 365 Defender
We are excited to announce the expansion of the public preview to cover business email compromise (BEC) campaigns, in addition to human-operated ransomware (HumOR) attacks.
#microsoft #xdr #edr #defender #mdi #mde #mdo #azure #cloud #cloudsecurity #email #bec #ransomware #microsoft365 #microsoft365defender #humor #automation #ir #incidentresponse #siem #identity #casb #endpoint #epp
#MicrosoftDefender for Office 365 (#MDO) provides more granular options for anti-spoofing policies and how you want to deal with the published #DMARC config of the domain owner.
Didn't find official documentation by the #Microsoft365Defender team on this change in #MDO anti-phishing yet. Anyone who has more information?
#microsoftdefender #mdo #dmarc #microsoft365defender
In this blog post, we'll explain how you can set up automatic response actions for any built-in alerts in Microsoft 365 Defender:
#xdr #microsoft #microsoft365defender #azure #edr #casb #defender #extendeddetectionandresponse #soc #kql #siem #soar #cloud #cloudsecurity #automation #cybersecurity
Microsoft Defender for Endpoint on Linux devices can now be manually isolated from the network through the Microsoft 365 Defender portal or through the API, cutting off an attacker's control channel to a compromised device. An isolated device can be released from isolation at any time through the same portal or API path. https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/announcing-device-isolation-support-for-linux/ba-p/3676400 #Microsoft365Defender #MicrosoftDefender #LinuxIsolation
Zerobot is a Go-based botnet that spreads primarily through IoT and web application vulnerabilities.
Learn how Zerobot works and how to defend devices and networks against it:
- Use Microsoft 365 Defender as a security solution with cross-domain visibility and detection capabilities
- Adopt a comprehensive IoT security solution such as Microsoft Defender for IoT and integrate it with an XDR/SIEM platform such as Microsoft Sentinel or Microsoft 365 Defender
- Harden endpoints with a comprehensive Windows security solution
- Ensure secure configurations for devices (change default credentials, patch exposed services, disable unused remote access)
- Use least-privilege access
#microsoft #windows #security #iot #MSTIC #azure #xdr #microsoft365defender #defenderforIoT #iot #sentinel #microsoftsentinel #siem #soar #cloud #cloudsecurity #Zerobot #ssh #leastprivilege #rat #ioc #threatintelligence #ti #tip #ddos #ZeroStresser #webapp #vulnerabilities #cve
Supercharging Defender for Endpoint with Zeek
The integration of Zeek into Microsoft Defender for Endpoint provides new levels of network analysis capabilities based on deep inspection of network traffic.
Defender for Endpoint can now monitor inbound and outbound traffic with a network engine that is capable of:
- Session Awareness
- Dynamic Protocol Detection
- Dynamic Scripting Content
#zeek #Corelight #microsoft #defender #microsoft365defender #xdr #edr #azure #windows #linux #network #udp #tcp #networkinspection #networkbaseddetections #hunting
Firmware assessments support now in public preview in Microsoft Defender Vulnerability Management
It introduces the following new capabilities:
- New inventory for system models, processors, and BIOS across Windows, Linux and macOS.
- Vulnerability assessment for processors and BIOS weaknesses for HP, Dell, and Lenovo.
- Evaluation of the UEFI Secure Boot mode setting for Windows and Linux.
- Ability to retrieve system model, processor, and BIOS information using export API and Advanced Hunting.
Find out more info: https://techcommunity.microsoft.com/t5/microsoft-defender-vulnerability/firmware-assessments-support-now-in-public-preview-in-microsoft/ba-p/3682748
#microsoft #xdr #microsoft365defender #edr #vulnerability #vulnerabilitymanagement #tvm #defender #azure #bios #UEFI #firmware #hardware #processor #windows #linux #macos #hunting #api #management
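The post says the new system model, processor and BIOS inventory is reachable from advanced hunting but gives no query. The one below is an added example, not code from the original post or from Microsoft's documentation. It assumes the inventory is exposed through a DeviceTvmHardwareFirmware table with ComponentType, Manufacturer, ComponentName and ComponentVersion columns and that BIOS rows carry the component type "Bios"; check those names against the schema reference in the advanced hunting page before relying on the result. It turns the inventory into something a practitioner actually wants: the spread of BIOS versions per vendor and model, so the devices sitting on the oldest firmware can be picked out for the HP, Dell and Lenovo assessments the post mentions.

```kql
// Added example: BIOS version spread per vendor and model from the
// firmware inventory (table and column names are assumptions, see lead-in).
let bios = DeviceTvmHardwareFirmware
| where ComponentType == "Bios"          // assumed value for BIOS rows
| project DeviceId, DeviceName, Manufacturer, ComponentName, ComponentVersion;
// Per vendor/model: how many devices, how many distinct versions, and the
// lowest version seen. String ordering of vendor version formats is only an
// approximation of age, so treat MinVersion as a starting point for review.
bios
| summarize Devices = dcount(DeviceId),
            Versions = dcount(ComponentVersion),
            MinVersion = min(ComponentVersion),
            ExampleDevice = any(DeviceName)
  by Manufacturer, ComponentName
| where Versions > 1                     // models where the fleet has drifted
| order by Manufacturer asc, Versions desc, Devices desc
```

Join the result back to the per-device rows on Manufacturer, ComponentName and ComponentVersion == MinVersion to list the individual devices on the oldest BIOS, and pair it with the Secure Boot evaluation the post describes when prioritising which machines to update first.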