Ignite 2020: Best Practices for Hunting Across Domains in Microsoft 365 Defender

For Ignite 2020, Tali and I put together a video with demos showing how you can use the Advanced Hunting feature of Microsoft 365 Defender to correlate activity across the various Defender capabilities. Among other things, you’ll see an example of how to use Defender for Identity and Defender for Endpoint to track down suspicious replication activity.

A copy of the query file used in this webcast is available on our public GitHub if you want to try the queries out in your tenant: "Ignite 2020 – Best practices for hunting across domains with Microsoft 365 Defender.csl" on the master branch of the microsoft/Microsoft-365-Defender-Hunting-Queries repository.

Best Practices for Hunting Across Domains with Microsoft 365 Defender
