Ask Microsoft Anything: SIEM and XDR
Event Ended
Thursday, Apr 13, 2023, 07:00 AM PDT
Event details
During Microsoft Secure you learned about the latest innovations around Microsoft's SIEM and XDR solution. Join this Ask Microsoft Anything (AMA) session to get your questions about Microsoft Sentinel and Microsoft 365 Defender answered by our product experts!
This session is part of the Microsoft Secure Tech Accelerator. RSVP for event reminders, add it to your calendar, and post your questions and comments below! This session will also be recorded and available on demand shortly after conclusion of the live event.
Trevor_Rusher
Updated Dec 27, 2024
80 Comments
- Trevor_Rusher
Community Manager
Thank you for watching this session! We would love to hear your feedback on this event. Tell us what you thought here: https://aka.ms/TechAccelSurvey1
- Heather_Poulsen
Community Manager
- Trevor_Rusher
Community Manager
That concludes today’s SIEM and XDR AMA. Thanks to everyone who was able to join us live - and to those catching up on demand!
Up next: Microsoft Defender Threat Intelligence and Sentinel integration deep dive
- seanwpaul
Brass Contributor
Since @Corina mentioned the MITRE ATT&CK model, has there been work done to complete the mapping with DODCAR?
- Personally, I'm not sure. You can check this page for more info: https://learn.microsoft.com/en-us/azure/azure-government/compliance/azure-services-in-fedramp-auditscope. I don't know if work is completed on this framework.
- Yusuf_Buhari
Brass Contributor
How do I make good use of Microsoft Security Copilot across the Microsoft Security ecosystem?
- Steve Newby
Microsoft
As we develop Security Copilot we will provide guidance on how to use it effectively across the ecosystems and your environment. Watch this space.
- Ed Fisher
Microsoft
Hi Yusuf, keep an eye out for more information announced during the RSA conference at the end of the month, and watch https://www.microsoft.com/en-my/security/business/ai-machine-learning/microsoft-security-copilot for the latest information. We just announced Copilot at Secure, but there's much more information coming very soon.
- Richard_Horton
Brass Contributor
We use Sophos endpoint MDR (managed detection and response) for our endpoints and servers. I would like to find out what the Microsoft equivalent for these products would be and the licensing model required, for budgetary and decision-making purposes. We want to be on a Microsoft solution by September of this year. That includes purchase, deployment and enforcement. Can you help me identify what and who I should be talking to for Microsoft solutions? We don't have a CASM or Microsoft account representative. We have over 500 employees at this time.
- Ravennmsft
Microsoft
Richard, have you looked at Defender Experts for XDR? https://learn.microsoft.com/en-us/microsoft-365/security/defender/dex-xdr-overview?view=o365-worldwide We're currently in preview but expect to be generally available soon.
- Sreedhar_Ande
Microsoft
We have Microsoft Sentinel Content Hub solutions available for Sophos Cloud Optix, Sophos Endpoint Protection and Sophos XG Firewall. Microsoft Sentinel's Content Hub provides pre-built solutions (data connectors, workbooks, analytic rules, hunting queries and playbooks) that can be easily deployed to enhance the security capabilities of the platform.
- TobyMcG
Copper Contributor
From the comments earlier about AIR: if AIR requests a file to be sent for analysis to the cloud (blob), how does it get feedback on whether the file is clean or malicious? Is this all handled by Defender AV for AIR and reported back to AIR, or does AIR connect into the blob itself for feedback?
- Trevor_Rusher
Community Manager
Hope you are enjoying today's AMA. What do you like about this event? Please don't be shy to share your feedback here in the comments to help shape the direction of our future events on the Tech Community!
- TobyMcG
Copper Contributor
Can you cover data anonymisation by Safe Sample Submission in Defender AV, presumably stripping company identifiers from the data file? Is this done by Defender AV on the host, or in the cloud before ML/AI analysis?
- Steve Newby
Microsoft
What identifiers are you referring to?
- TobyMcG
Copper Contributor
"Data storage location: Defender for Endpoint operates in the Microsoft Azure datacenters in the European Union, the United Kingdom, or in the United States. Customer data collected by the service may be stored in: (a) the geo-location of the tenant as identified during provisioning or, (b) if Defender for Endpoint uses another Microsoft online service to process such data, the geolocation as defined by the data storage rules of that other online service. For more information, see Where your Microsoft 365 customer data is stored. Customer data in pseudonymized form may also be stored in the central storage and processing systems in the United States." Last sentence.
- Yusuf_Buhari
Brass Contributor
How do I use Microsoft Sentinel when I am using a different EDR solution such as Sophos Intercept X?
- Heather_Poulsen
Community Manager
Thanks for participating in the Tech Accelerator! For reference, the panel covered this topic at around 20:50.
- Sreedhar_Ande
Microsoft
Microsoft Sentinel can integrate with a variety of EDR solutions. We have solutions available for Sophos Cloud Optix, Sophos Endpoint Protection and Sophos XG Firewall.
Microsoft
Microsoft Sentinel's Content Hub provides pre-built solutions, Data connectors, workbooks, Analytical rules, Hunting Queries and playbooks that can be easily deployed to enhance the security capabilities of the platform.
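As an added illustration of what one of those Content Hub building blocks looks like in practice (this is an example written for this page, not a query from the thread, from the Sophos solution or from Microsoft), here is a KQL analytic/hunting query that a Sentinel user with Sophos firewall data could run. It assumes the Sophos XG Firewall connector forwards CEF syslog into the standard CommonSecurityLog table and that the vendor string and denied-action values shown are what your connector actually emits; both are assumptions to verify against your own ingested rows. The detection itself, a single source hitting many distinct destination ports that the firewall denied, generalises to any CEF-forwarding firewall, not just Sophos.

```kql
// Added example, not part of the AMA thread or of any Sentinel solution.
// Assumptions (verify before use): the Sophos XG Firewall solution lands rows
// in CommonSecurityLog with DeviceVendor containing "Sophos", and denied
// traffic is recorded in DeviceAction as one of the values listed below.
let lookback = 1h;          // hunting window
let port_threshold = 20;    // distinct denied ports from one source -> suspicious
CommonSecurityLog
| where TimeGenerated > ago(lookback)
| where DeviceVendor has "Sophos"                       // assumed vendor string
| where DeviceAction in~ ("deny", "drop", "blocked")   // assumed denied-action values
| where isnotempty(SourceIP) and isnotnull(DestinationPort)
| summarize DeniedCount   = count(),
            DistinctPorts = dcount(DestinationPort),
            FirstSeen     = min(TimeGenerated),
            LastSeen      = max(TimeGenerated)
         by SourceIP, DestinationIP
| where DistinctPorts >= port_threshold
| project-reorder SourceIP, DestinationIP, DistinctPorts, DeniedCount, FirstSeen, LastSeen
| order by DistinctPorts desc
// Entity mapping for an analytic rule: surface the scanning host as the IP entity.
| extend IPCustomEntity = SourceIP
```

Run it first from Logs as a hunting query to calibrate port_threshold against normal traffic (vulnerability scanners and load balancers will trip it), then save it as a scheduled analytic rule with SourceIP mapped to the IP entity so the resulting incidents carry the host for a playbook to act on. Because the query keys on CommonSecurityLog rather than a vendor-specific custom table, the same rule covers other CEF firewalls once the DeviceVendor filter is widened.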