cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
New URL & domain pages in Microsoft 365 Defender
By
Oren_Saban
Published Jun 20 2022 08:12 AM 8,087 Views
Oren_Saban
Microsoft
‎Jun 20 2022 08:12 AM

New URL & domain pages in Microsoft 365 Defender

‎Jun 20 2022 08:12 AM

Want to easily investigate, take actions and pivot on URLs and domains? The new URL & domain pages will make it easier than ever. 

Try it out: URL - Microsoft 365 security

Or you can navigate through incidents, alerts, advanced hunting or by searching URL. 

 See all URL information in one placeSee all URL information in one place

 

Now you will be able to:

  • Get Domain details
    Lets you spot newly registered domains at a glance right within the page and side panel. In an investigation, newly registered domains may be a useful indicator for a suspicious domain.
  • See the URL verdict
    We’ve added a new tile that shows the Microsoft verdict for malicious URLs, indicating whether the URL is known to be bad and why (observed in phishing, malware etc.)
  • Pivot to Threat explorer
    Navigate in context to Threat explorer to hunt for emails containing this URL or domain.  
  • See related incidents
    Review incidents in your environment that involve this URL or domain. This will help correlate the URL to the attack(s) it was observed in.

List of incidents the URL was involved inList of incidents the URL was involved in

 

 

More experiences:


Pivot from the URL to related devices
In a typical investigation, you may want to pivot from the URL to other related entities to

 

Devices who had events with this URLDevices who had events with this URL

 

 

explore the scope of the attack. For example, the devices where the URL was observed may be the next thing you want to look at. The device list now shows more details about the device - such as its risk level, operating system and more – helping you prioritize the next investigation step.

To make the pivoting easier and more efficient, you can now pivot to the device timeline directly from this list, to the first or last event that involved this URL or domain. And most importantly, you can look for related devices 6 months back with one click?

 

 

New Domain (FQDN) page
Aggregates information from different observed URLs under the same fully qualified domain name into one page. You can navigate easily from any specific URL page to the related domain page, for a broader view across multiple URLs. Investigations can now make use of new aggregated data points such as the domain prevalence & incidents.

Example: Domain - Microsoft 365 security

 

New domain page – aggregated informationNew domain page – aggregated information

 

 

 

With these new features, you can now easily investigate URLs, pivot to connected devices, uplevel to investigating the domain in aggregate, and block the malicious entity.

 

See also:

1 Comment
Co-Authors
Version history
Last update:
‎Jun 20 2022 09:33 AM
Updated by:
Labels