Jun 02 2022 08:35 PM
Hi All,
We have a requirement to get the things below done with Defender for Endpoint. I would appreciate it if anyone could let me know which of these are possible and, if not, whether we have any workarounds for them.
Thanks in advance,
Regards,
Dilan
Jun 10 2022 11:41 AM
@dilanmic Thanks for your questions Dilan.
For your question on:
You can add this capability using MDE APIs. You can use Microsoft Flow (or your Security Orchestration Automated Response (SOAR) service) to call Microsoft Teams. Here is an example of integration with Microsoft Defender for Cloud Apps (What is Defender for Cloud Apps? | Microsoft Docs). You can replace the Microsoft Defender for Cloud Apps calls with the Microsoft Defender for Endpoint APIs: Integrating Microsoft Teams with Microsoft Cloud App Security - Microsoft Tech Community
I'll respond to your other questions as well.
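As an added example (not part of the original reply, and not the Tech Community article it links), the same API-to-Teams path can be scripted directly: poll the Microsoft Defender for Endpoint alerts API and post each new alert to a Teams incoming webhook. The tenant, app registration (with the Alert.Read.All application permission), secret and webhook URL are placeholders you would supply; the alert field names used (id, title, severity, category, computerDnsName, alertCreationTime) are those returned by the MDE alerts resource.

```powershell
# Added example (not from the original thread): poll the Microsoft Defender for
# Endpoint alerts API and post new alerts to a Microsoft Teams incoming webhook.
# Assumptions (placeholders, replace with your own values):
#   - an Azure AD app registration granted the MDE "Alert.Read.All" application permission
#   - a Teams channel with an Incoming Webhook connector
$TenantId     = '<tenant-id>'
$ClientId     = '<app-client-id>'
$ClientSecret = '<app-client-secret>'   # keep this in a vault; inline only for the example
$TeamsWebhook = 'https://<your-tenant>.webhook.office.com/webhookb2/<placeholder>'

# 1. Acquire an access token for the MDE API (client credentials flow).
$tokenResponse = Invoke-RestMethod -Method Post `
    -Uri "https://login.microsoftonline.com/$TenantId/oauth2/token" `
    -Body @{
        grant_type    = 'client_credentials'
        client_id     = $ClientId
        client_secret = $ClientSecret
        resource      = 'https://api.securitycenter.microsoft.com'
    }
$headers = @{ Authorization = "Bearer $($tokenResponse.access_token)" }

# 2. Fetch alerts created in the last 15 minutes (OData filter on alertCreationTime).
#    Run this on a schedule of the same length so each alert is seen once.
$since  = (Get-Date).ToUniversalTime().AddMinutes(-15).ToString('yyyy-MM-ddTHH:mm:ssZ')
$uri    = "https://api.securitycenter.microsoft.com/api/alerts?`$filter=alertCreationTime ge $since"
$alerts = (Invoke-RestMethod -Method Get -Uri $uri -Headers $headers).value

# 3. Post one Teams message per alert, using only fields the alerts API returns.
foreach ($a in $alerts) {
    $text = "**[$($a.severity)] $($a.title)**`n" +
            "Device: $($a.computerDnsName)`n" +
            "Category: $($a.category)`n" +
            "Alert ID: $($a.id)"
    $body = @{ text = $text } | ConvertTo-Json -Compress
    Invoke-RestMethod -Method Post -Uri $TeamsWebhook -ContentType 'application/json' -Body $body
}
```

The script is the manual equivalent of the Flow/SOAR step described in the reply; in Flow the same two calls become an HTTP action against the alerts endpoint followed by a "Post message" action to Teams.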
Jun 10 2022 02:07 PM
For this one:
Are you interested in monitoring blocks on inbound/outbound malicious network connections? If so, you can do this. You can see more info here: Auditing - Win32 apps | Microsoft Docs
Snippet below:
Category: Object Access
Subcategory: Filtering Platform Connection
Subcategory GUID: {0CCE9226-69AE-11D9-BED3-505054503030}
Description: Allowed and blocked connections
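As an added example (not part of the original reply), here is how that audit subcategory is enabled on an endpoint and how the resulting Security log events are read back. The GUID is the one quoted in the reply; the event IDs (5156 for a connection the Windows Filtering Platform allowed, 5157 for one it blocked) and the event data field names are those Windows emits for this subcategory. Run it in an elevated PowerShell session.

```powershell
# Added example (not from the original thread): enable auditing of Windows Filtering
# Platform connections with the subcategory GUID quoted above, then summarise the
# resulting Security log events.
$SubcategoryGuid = '{0CCE9226-69AE-11D9-BED3-505054503030}'   # Filtering Platform Connection

# 1. Enable success (allowed) and failure (blocked) auditing for the subcategory.
auditpol.exe /set /subcategory:"$SubcategoryGuid" /success:enable /failure:enable | Out-Null

# 2. Confirm the effective setting.
auditpol.exe /get /subcategory:"$SubcategoryGuid"

# 3. Collect the last hour of WFP connection events:
#    5156 = the WFP allowed a connection, 5157 = the WFP blocked a connection.
$filter = @{
    LogName   = 'Security'
    Id        = 5156, 5157
    StartTime = (Get-Date).AddHours(-1)
}
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

# 4. Pull the fields of interest out of each event's XML payload.
$rows = foreach ($e in $events) {
    $x = [xml]$e.ToXml()
    $d = @{}
    foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
    $outcome = if ($e.Id -eq 5157) { 'Blocked' } else { 'Allowed' }
    [pscustomobject]@{
        Time        = $e.TimeCreated
        Outcome     = $outcome
        Process     = $d['Application']
        Direction   = $d['Direction']   # %%14592 = Inbound, %%14593 = Outbound
        Source      = "$($d['SourceAddress']):$($d['SourcePort'])"
        Destination = "$($d['DestAddress']):$($d['DestPort'])"
        Protocol    = $d['Protocol']    # IANA protocol number, e.g. 6 = TCP, 17 = UDP
        FilterId    = $d['FilterRTID']  # run-time ID of the WFP filter that matched
    }
}

# 5. Blocked connections grouped by process, then the individual blocked rows.
$rows | Where-Object Outcome -eq 'Blocked' | Group-Object Process |
    Sort-Object Count -Descending | Select-Object Count, Name
$rows | Where-Object Outcome -eq 'Blocked' | Format-Table -AutoSize
```

Success auditing on this subcategory is very noisy on a busy host (every allowed connection becomes a 5156), so in practice many teams enable only failure auditing, or forward the events to a SIEM and rely on the FilterRTID value to tie a block back to the firewall rule that caused it.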