Event details

Live Response

 

We’re on with Product Manager Lior Liberman and Senior Software Engineer Ameer Tabony to discuss the highly anticipated Live response feature. We will define what it is; learn which platforms support it today; and talk scripts, service limitations, and more. Join us as we share a powerful demo showcasing the script library and learn how analysts can use this tool to their advantage.

Inquiries for the product team? Post your questions in advance or anytime during the live broadcast for our experts to answer.

This episode will be available on-demand immediately after the completion of the live event. Watch all previous Ninja Show episodes and see the full season calendar at >> https://aka.ms/NinjaShow

Thanks for joining us! The next episode:
Improve your security posture with Microsoft Defender Experts for XDR airs Monday, September 25th at 9 AM PT!

Add it to your calendar here >> https://aka.ms/NinjaShow/505/calendar

Dylan_Snodgrass
Updated Dec 27, 2024

6 Comments

  • KapildevC
    Occasional Reader

    Thanks for the wonderful session. Learning day by day using this Ninja show. Are we able to collect the Event Viewer logs using a Live response session? In some scenarios we may get communication errors, sensor errors, etc. So if we collect the Event Viewer logs of the endpoint using a live response session, we would be able to identify what the exact issue is using the event ID. I hope this will be helpful for security experts to fix the issues without interacting with end users.

  • SebasC420
    Occasional Reader

    This is a great video and a quick look at the Live Response function. I have a question regarding the execution of scripts using the "run" command: is there any limitation on the actions that can be executed from the script that has been loaded into the library?

    • Ameer_Tabony
      Microsoft
      In case params are required, they need to be primitive types. In addition, the size limit for a script to be uploaded to the library is 10mb. And lastly, the script execution time limit is 30 minutes (longer than 30m will be timed out).
  • gaeln30
    Copper Contributor

    For live response, are there preset (top 5) command lines available, besides typing Help, which we can run on machines to take actions? For example, when machines not managed by Intune and onboarded in MDE are reported "Waiting for restart" after an update... how can a restart be initiated with Live Response?

    • Ameer_Tabony
      Microsoft
      All live response commands are listed within the Help action. Regarding the example of "Waiting for restart", you can create ps to reboot the device and execute it either from the live response console or with the live response API.
  • Jerry Honeycutt
    Copper Contributor
    Welcome to this episode of the "Microsoft 365 Defender Virtual Ninja Training" show with Heike Ritter. The team is here to answer your questions about Microsoft 365 Defender and Live Response. Please post each in a separate thread, and don't be shy!