Deploy Sysmon and collect additional data with Sentinel and the AMA agent
System Monitor (Sysmon) is one of the most common add-ons for Windows logging. With Sysmon, you can detect malicious activity by tracking code behavior and network traffic. Sysmon is part of the Sysinternals package and is owned by Microsoft. Sysmon can be used…
Microsoft Defender for Endpoint series – Advanced hunting and custom detections – Part8
It is time for part 8 of the Microsoft Defender for Endpoint (MDE) series. Part 8 is focused on the hunting experience in Microsoft 365 Defender. The advanced hunting feature and custom detection feature are part of the security.microsoft.com portal. Advanced hunting is…
Microsoft Defender for Endpoint series – integrations with other products – Part7
It is time for part 7 of the Microsoft Defender for Endpoint (MDE) series. All previous parts were focused on Defender for Endpoint and additional configurations. Now it is time for the integration part with other products and services. Microsoft Defender can be…
Microsoft Defender for Endpoint series – Validate Defender protection and additional troubleshooting – Part6
It is time for part 6 of the Microsoft Defender for Endpoint (MDE) series. All previous parts were focused on onboarding and configuration and Microsoft Defender Vulnerability Management. Now it is time for the initial testing of the Defender for Endpoint component and…
Microsoft Defender for Endpoint series – Defender Vulnerability Management – Part5
It is time for part 5 of the Microsoft Defender for Endpoint (MDE) series. All previous parts were focused on the Defender for Endpoint onboarding and configuration. Now it is time for the initial usage of the Defender for Endpoint components. One of…
Microsoft Defender for Endpoint series – Attack Surface reduction and additional protection – Part4B
It is time for part 4B of the ultimate Microsoft Defender for Endpoint (MDE) series. Part 4A explains the AV policy baseline. Now it is time for some more detailed information for the Attack Surface reduction and additional protection layers of Defender for Endpoint…
Which data connector and activity is free in Microsoft Sentinel?
After the initial onboarding of Microsoft Sentinel, connectors can be used for ingesting data. Microsoft invested in pre-built connectors that can be used to add data/events correctly to Microsoft Sentinel. For a large set of Microsoft products, there are connectors available. With the…
Microsoft Defender for Endpoint series – Define the AV policy baseline – Part4A
It is time for part 4A of the ultimate Microsoft Defender for Endpoint (MDE) series. Part 4 explains the AV/next-generation protection component. Now it is time for a more detailed policy explanation: what do we need to enable, which setting is recommended…
Microsoft Defender for Endpoint series – Configure AV/ next-generation protection – Part4
It is time for part 4 of the ultimate Microsoft Defender for Endpoint (MDE) series. All previous parts were focused on the initial Defender for Endpoint onboarding. Now it is time for the initial configuration of the additional components part of Defender for…
How to use Microsoft Defender EASM (External Attack Surface Management)
Microsoft released a new product named Microsoft Defender EASM (External Attack Surface Management). The new product is based on the earlier products/technology from the RiskIQ acquisition. Defender EASM is a new product in the Defender stack to provide an external…