Forum Discussion
JoelNyRe
Jan 26, 2026, Copper Contributor
Invalidating Kerberos tickets via XDR?
Since we have alerts every now and then regarding suspected Pass-the-Ticket incidents, I want to know if there's a way to make a user's Kerberos ticket invalid? Like we have the "Revoke Session" in ...
GoXATAKAN
Apr 15, 2026, Brass Contributor
There's no direct "Revoke Kerberos Ticket" button in Microsoft Defender XDR.
The "Revoke Session" in Entra ID only covers cloud/OAuth tokens. It won't touch on-prem Kerberos tickets. They're separate authentication stacks.
For a Golden Ticket scenario, you'd need to reset the KRBTGT account password (twice, with a gap between resets).
For a PtT alert, the steps would typically be: isolate the endpoint from XDR, reset the user's AD password, force a logoff or reboot of the compromised machine (which clears tickets from memory), and then revoke Entra sessions too if it's a hybrid-joined device with cloud SSO.
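
The Pass-the-Ticket steps listed in the reply above, sketched as a PowerShell script. This is an added example, not code from the thread or from Microsoft. It assumes the RSAT ActiveDirectory module and the Microsoft.Graph PowerShell module are installed, that the host is still reachable for remote management when the reboot is issued, and the parameter names are hypothetical.

```powershell
# Added example: containment for a suspected Pass-the-Ticket alert.
# Run with -WhatIf first to see what would be changed.
[CmdletBinding(SupportsShouldProcess)]
param(
    [Parameter(Mandatory)] [string] $SamAccountName,  # affected AD user (hypothetical parameter)
    [Parameter(Mandatory)] [string] $ComputerName,    # compromised machine (hypothetical parameter)
    [switch] $HybridJoined                            # set if the device uses cloud SSO
)

Import-Module ActiveDirectory

# Step 1 (isolate the endpoint) is an action on the device page in the
# Defender XDR portal and is not scripted here. A fully isolated device
# no longer accepts remote management, so the reboot below must be issued
# before isolation or performed locally on the machine.

# Step 2: reset the user's AD password to a random value.
$bytes = [byte[]]::new(24)
[System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
$newPassword = ConvertTo-SecureString ([Convert]::ToBase64String($bytes)) -AsPlainText -Force
if ($PSCmdlet.ShouldProcess($SamAccountName, 'Reset AD password')) {
    Set-ADAccountPassword -Identity $SamAccountName -Reset -NewPassword $newPassword
    Set-ADUser -Identity $SamAccountName -ChangePasswordAtLogon $true
}

# Step 3: reboot the machine, which clears Kerberos tickets held in memory.
if ($PSCmdlet.ShouldProcess($ComputerName, 'Force reboot')) {
    Restart-Computer -ComputerName $ComputerName -Force
}

# Step 4: revoke Entra ID sessions as well when the device is hybrid-joined.
if ($HybridJoined) {
    $upn = (Get-ADUser -Identity $SamAccountName).UserPrincipalName
    if ($PSCmdlet.ShouldProcess($upn, 'Revoke Entra sign-in sessions')) {
        Connect-MgGraph -Scopes 'User.ReadWrite.All'
        Revoke-MgUserSignInSession -UserId $upn
    }
}
```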