Query for common (legit) remote management solutions

Copper Contributor

Reading the CISA alert on Blackmatter Ransomware

just now and it leads me to this question - has someone put together a Defender for Endpoint/Sentinel query to inventory common remote management solutions (particularly those favored by ransomware operators)?  I know that I could leverage vulnerability management for this but I'd like to fashion a Sentinel detection for whenever something unexpected shows up in my environment.



0 Replies