Forum Discussion
Possibility of monitoring below via Defender for Endpoint
@dilanmic Thanks for your questions, Dilan.
For your question on:
- capability of receiving notifications to Teams
You can add this capability using the MDE APIs. You can use Microsoft Flow (or your Security Orchestration, Automation and Response (SOAR) service) to call Microsoft Teams. Here is an example of integration with Microsoft Defender for Cloud Apps (What is Defender for Cloud Apps? | Microsoft Docs). Instead of Microsoft Defender for Cloud Apps, you can substitute the Microsoft Defender for Endpoint APIs: Integrating Microsoft Teams with Microsoft Cloud App Security - Microsoft Tech Community
I'll respond to your other questions as well.
For this one:
- block inbound/outbound malicious network (reverse TCP/bind) traffic via firewalling
Are you interested in monitoring blocks on inbound/outbound malicious network connections? If so, you can do this. You can see more info here: Auditing - Win32 apps | Microsoft Docs
Snippet below:
Object Access | Filtering Platform Connection {0CCE9226-69AE-11D9-BED3-505054503030} | Allowed and blocked connections
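As an added example (not part of the thread), the following PowerShell enables the "Filtering Platform Connection" audit subcategory quoted above, using the GUID from the post, and then summarises the blocked-connection events it produces. It assumes an elevated PowerShell session on a Windows host; event IDs 5156 (permitted) and 5157 (blocked) are the Windows Filtering Platform connection audit events written by this subcategory.

```powershell
# Added example: enable WFP connection auditing and summarise blocked connections.
# Assumes an elevated PowerShell session on Windows. GUID is the one quoted in the post.
$SubcategoryGuid = '{0CCE9226-69AE-11D9-BED3-505054503030}'

# 1. Turn on success (allowed, 5156) and failure (blocked, 5157) auditing for the subcategory.
auditpol.exe /set "/subcategory:$SubcategoryGuid" /success:enable /failure:enable | Out-Null

# 2. Confirm the setting took effect before relying on the events.
auditpol.exe /get "/subcategory:$SubcategoryGuid"

# 3. Pull the last 24 hours of blocked-connection events (5157) from the Security log.
#    This subcategory is verbose on busy hosts, so keep the time window tight.
$since  = (Get-Date).AddHours(-24)
$events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 5157; StartTime = $since } `
                       -ErrorAction SilentlyContinue

# 4. Project the useful EventData fields and group by process, direction and remote endpoint.
#    Direction %%14592 = Inbound, %%14593 = Outbound in the 5156/5157 event schema.
$rows = foreach ($e in $events) {
    $x = [xml]$e.ToXml()
    $d = @{}
    foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
    [pscustomobject]@{
        Time      = $e.TimeCreated
        Process   = $d['Application']
        Direction = if ($d['Direction'] -eq '%%14592') { 'Inbound' } else { 'Outbound' }
        LocalPort = $d['SourcePort']
        Remote    = "$($d['DestAddress']):$($d['DestPort'])"
        Protocol  = $d['Protocol']
        FilterId  = $d['FilterRTID']   # ties the block back to the WFP filter that fired
    }
}

# 5. Most frequently blocked (process, direction, remote endpoint) tuples first.
$rows |
    Group-Object Process, Direction, Remote |
    Sort-Object Count -Descending |
    Select-Object Count, Name -First 20 |
    Format-Table -AutoSize
```

The same events can be forwarded to a SIEM or surfaced through MDE's timeline, but the local query above is a quick way to verify the audit policy is producing data before building alerting on it.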