Reading the CISA alert on Blackmatter Ransomware
just now and it leads me to this question - has someone put together a Defender for Endpoint/Sentinel query to inventory common remote management solutions (particularly those favored by ransomware operators)? I know that I could leverage vulnerability management for this but I'd like to fashion a Sentinel detection for whenever something unexpected shows up in my environment.