User Profile

nopnop

Copper Contributor

Joined 4 years ago

18 Posts1 Solution

View All Badges

User Widgets

Recent Discussions

Alerts in Elasticsearch
Hi, I couldn't find cloud policy alerts on Kibana. How I need to search? I can see Security & Compliance Center and endpoint alerts but not Cloud alerts. Could you please help? Thank you.
Sep 12, 2023 Place Microsoft Defender for Cloud Apps
551Views
0likes
0Comments
Security Alerts to SIEM
Hi, How can I rotate all Security and Compliance alerts to ELK? I could not find any efficient guidance. Could you please help?
Sep 07, 2023 Place Microsoft Security
microsoft 365 compliance center
Microsoft Compliance Manager
microsoft defender for cloud
microsoft defender for endpoint
1.3KViews
0likes
1Comment
Again Help with Discover Functions
Hi, We are getting alerts named "PowerShell Suspicious Discovery Related Windows API Functions" about executing a ps script named with numbers under the path "C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\". Are these legit actions or not? The query contains: NetShareEnum NetWkstaUserEnum NetSessionEnum NetLocalGroupEnum NetLocalGroupGetMembers DsGetSiteName DsEnumerateDomainTrusts WTSEnumerateSessionsEx WTSQuerySessionInformation LsaGetLogonSessionData QueryServiceObjectSecurity Thank you.
May 30, 2023 Place Microsoft Security
identity protection
microsoft 365 defender
microsoft defender for endpoint
security
threat protection
778Views
0likes
0Comments
Re: Is ctldl.windowsupdate.com legit?
It says for Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. But where I saw is Windows 10. So, can we say still legit?
May 10, 2023 Place Microsoft 365
20KViews
0likes
0Comments
Is ctldl.windowsupdate.com legit?
Is ctldl.windowsupdate.com legit? It seems malicious on VT. I have came across in the logs: "svchost.exe has initiated a HTTP connection to http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?blabla"
May 09, 2023 Place Microsoft 365
microsoft 365
microsoft 365 admin center
microsoft 365 defender
security
21KViews
0likes
2Comments
PowerShell Suspicious Discovery Related Windows API Functions alerts about C:\ProgramData\Microsoft\
Hi, We are getting alerts named "PowerShell Suspicious Discovery Related Windows API Functions" about executing a ps script named with numbers under the path "C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\". Are these legit actions or not? The query contains: NetShareEnum NetWkstaUserEnum NetSessionEnum NetLocalGroupEnum NetLocalGroupGetMembers DsGetSiteName DsEnumerateDomainTrusts WTSEnumerateSessionsEx WTSQuerySessionInformation LsaGetLogonSessionData QueryServiceObjectSecurity Thank you.
May 09, 2023 Place Microsoft Defender XDR
alerts
microsoft defender for endpoint
siem
1.6KViews
0likes
0Comments
Source Code Classifier
Hi Everyone, I am sharing this topic again because I really need help. I've tried the same trainer in teams and it works. Why the endpoint does not work? I have a DLP policy for Endpoint in Purview as the following: I want to detect when any source code shared and block. But when I try to share a code file e.g within a browser it does not block, I cannot detect. ,the policy does not work. Is it not work for endpoint? How can I make it work? Could you please help?
Feb 28, 2023 Place Microsoft Security
data loss prevention
endpoint security
microsoft information protection
microsoft purview
2KViews
0likes
1Comment
Source Code Trainable Classifer
Hi Everyone, I have a DLP policy for Endpoint in Purview as the following: I want to detect when any source code shared and block. But when I try to share a code file e.g within a browser it does not block, I cannot detect. ,the policy does not work. Is it not work for endpoint? How can I make it work? Could you please help?
Feb 15, 2023 Place Microsoft Security
data loss prevention
microsoft 365 compliance center
microsoft purview
748Views
0likes
0Comments
Re: Preventing Code Share via DLP
Is it only file-based detection or e.g. pasting a code block to a website can be blocked too?
Feb 14, 2023 Place Microsoft Security
918Views
0likes
0Comments
Preventing Code Share via DLP
Hi, Has the Microsoft Purview DLP the capability of detecting and preventing software code sharing?
Feb 02, 2023 Place Microsoft Security
data loss prevention
endpoint security
insider risk management
microsoft purview
security
1.1KViews
0likes
2Comments
Re: DLP License Requirements
I think I couldn't explain it clearly. What I want to learn simply is that how many license do i need. Do I need licenses as much as users or just one is enough to use DLP for endpoint feature for the all company? Because to use that feature device onboarding is needed. So, should I buy the licenses for each device? This is not a situation related terms violation.
Jan 11, 2023 Place Microsoft Security
4KViews
0likes
1Comment
Re: DLP License Requirements
I couldn't find the answers which I'm looking for from there. So, I have just one Microsoft 365 E5 License, I can continue to use the DLP for Endpoint for the all company users without assigning it as long as the License is available? That is true?VasilMichev
Jan 11, 2023 Place Microsoft Security
4.2KViews
0likes
3Comments
DLP License Requirements
Hi everyone, I have using DLP endpoint as trial. Now I purchased an E5 license. What to do to continue use the DLP without losing any config or data? Does it matter who am i assigning or do I have to assign someone? One E5 license are enough for our company or how manyI need? CAn I use the DLP endpoint as long as E5 license expires or how? Do I need to take any action? Could you answer these questions please? Thank you so much.
Jan 10, 2023 Place Microsoft Security
data loss prevention
endpoint security
microsoft 365 compliance center
microsoft 365 defender
microsoft purview
4.5KViews
0likes
5Comments
Re: DLP for Endpoint Locations
Hi, Thanks for all. The problem turned out to be a lack of eligible license.
Dec 27, 2022 Place Microsoft Purview
1.2KViews
0likes
0Comments
DLP False alerts
Hi everyone, I have a DLP policy has both low volume and high volume rules. Low volume rule's alerts are turned off, but i still getting alerts. What is the soultion to prevent that? Thanks in advance.
Dec 27, 2022 Place Microsoft Security
compliance management
data loss prevention
microsoft purview
905Views
0likes
0Comments
Re: DLP for Endpoint Locations
I have MS Defener For Enpoint 2 licence and onboarded devices with it. But i cannot see it in purview Trial SocInABox
Nov 01, 2022 Place Microsoft Purview
1.3KViews
0likes
1Comment
DLP for Endpoint Locations
Hi All, I'm trying to add new policy but I cannot see the Devices . How can I see that? what is the solution? I have Microsoft Defender Licence and onboarded devices with thhis licence. But I cannot see them in purview.
Solved
Oct 31, 2022 Place Microsoft Purview
endpoint dlp
1.4KViews
0likes
4Comments
Microsoft Defender for Endpoint on Linux
Hi, I want to install an EDR agent (Microsoft Defender for Endpoint on Linux), but I want use it ONLY for vulnerability management to track vulns. How should I configure it? What are the steps I need to take? Thanks
Aug 08, 2022 Place Microsoft Defender for Endpoint
922Views
0likes
0Comments

Recent Blog Articles

No content to show