PrintNightmare – Use Microsoft Defender/ Sentinel toolings to get insights
Technical details and a proof-of-concept (PoC) exploit have been accidentally leaked for a currently unpatched vulnerability in Windows that makes remote code execution possible. The issue affects Windows Print Spooler. The researchers named it PrintNightmare. Currently, the latest June 2021 security patches do not…
Monitor RDP Brute Force Attack with Azure Sentinel & Azure Security Center
Since the last years, there is a large increase in cybercriminals attempting to run attacks by exploiting the login credentials. With the current work-from-home scenario, more attacks are visible against the RDP protocol. At the moment one of the most common attacks against…
Review service principals with Azure AD Access Reviews and monitor with Azure Sentinel
A new feature in public preview is the Azure AD access review functionality. With the new AzureAD access reviews function it is possible to review service principals in the Azure environment. With the more growing trend of cloud services and application service principals…
Monitor Azure AD break-glass accounts with Azure Sentinel
Conditional Access configuration for AzureAD accounts is important. With Conditional Access you can protect easy accounts, block outdated protocols and create more security cases to protect corporate data. An important part of Conditional Access is the usage of break-glass accounts. In this blog…
Export Microsoft 365 Defender security events with the streaming API
By default Microsoft Defender for Endpoint stores Endpoint events in Defender for Endpoint for the configured retention period; Max: 180 days. For longer data retention it is possible to export events to external sources, most typical; Azure Storage or Azure Event Hubs. In…
Enroll Android smartphones into Microsoft Defender for Endpoint for blocking FluBot
The Flubot-malware is currently active in the news. The malware with the name FluBot will be sent to mobile endpoints with a text message or WhatsApp message. When opening the link and installing the app the FluBot malware will be activated. With the…
Integrate Azure Sentinel with Microsoft Teams for seamlessly collaboration
Working from home became the new normal in most of the work environments. With the increase of working from home also the security impact changed. During security incidents, most of the collaboration will be done with chat, email, or video, there is no…
Use Azure Security Center workbooks for detailed information/ dashboards
Azure Security Center included integration with Azure Workbooks. With the new Workbooks feature is it possible to build custom reports. From Azure Security Center there is integration with Azure Workbooks. By default Azure Security Center included three new dashboards for more detailed information…
Defender for Endpoint Device Discovery: Discover the unmanaged part of the corporate network
Unmanaged devices are most of the time a weak point in the corporate network/ environment. With the current situation more and more BYOD devices are connected to the enterprise network environment. With the new Defender for Endpoint Discovery functionality, it is possible to…
Defender for Endpoint on Linux onboarding and behavior monitoring detection
Microsoft Defender for Endpoint supports more platforms. Since 2020 Defender for Endpoint is available for Linux systems. Recently Microsoft announced the behavior monitoring preview feature for Linux. This blog is about all the parts of Defender for Endpoint on Linux systems, focussed on…