Defender for Endpoint AMA: The next evolution of automatic attack disruption
Event Ended
Tuesday, Oct 31, 2023, 09:00 AM PDT
Defenders need every edge they can get in the fight against ransomware. We're excited to share that Microsoft Defender for Endpoint customers will now be able automatically to disrupt human-operated ...
Trevor_Rusher
Updated Oct 24, 2023
grmccauley
Oct 23, 2023 Copper Contributor
Can Incidents that trigger Attack Disruption (and their remediation events) be queried somehow in Advanced Hunting (or Sentinel)? I know that there is an "Attack Disruption" tag added to Incidents when viewed in the portal, but these tags don't seem to make it into the Advanced Hunting or Sentinel tables. My leadership would like a dashboard (workbook) showing all the incidents that triggered Attack Disruption and also all the remediation actions taken because of it, but I'm not able to find this info in the tables.
- noam_hadash Oct 31, 2023
Microsoft
Thank you, George, for your question. We currently do not enable querying for initiated disruption actions in Advanced Hunting. However, we are working to enable email notifications for cases where attack disruption was initiated to enable to have notification to its generation. We will work with the team to explore the option to expose this data in Advanced Hunting as well.
Location
Microsoft Tech Community