User Profile
nopnop
Copper Contributor
Joined 4 years ago
User Widgets
Recent Discussions
Again Help with Discover Functions
Hi, We are getting alerts named "PowerShell Suspicious Discovery Related Windows API Functions" about executing a ps script named with numbers under the path "C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\". Are these legit actions or not? The query contains: NetShareEnum NetWkstaUserEnum NetSessionEnum NetLocalGroupEnum NetLocalGroupGetMembers DsGetSiteName DsEnumerateDomainTrusts WTSEnumerateSessionsEx WTSQuerySessionInformation LsaGetLogonSessionData QueryServiceObjectSecurity Thank you.PowerShell Suspicious Discovery Related Windows API Functions alerts about C:\ProgramData\Microsoft\
Hi, We are getting alerts named "PowerShell Suspicious Discovery Related Windows API Functions" about executing a ps script named with numbers under the path "C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\". Are these legit actions or not? The query contains: NetShareEnum NetWkstaUserEnum NetSessionEnum NetLocalGroupEnum NetLocalGroupGetMembers DsGetSiteName DsEnumerateDomainTrusts WTSEnumerateSessionsEx WTSQuerySessionInformation LsaGetLogonSessionData QueryServiceObjectSecurity Thank you.Source Code Classifier
Hi Everyone, I am sharing this topic again because I really need help. I've tried the same trainer in teams and it works. Why the endpoint does not work? I have a DLP policy for Endpoint in Purview as the following: I want to detect when any source code shared and block. But when I try to share a code file e.g within a browser it does not block, I cannot detect. ,the policy does not work. Is it not work for endpoint? How can I make it work? Could you please help?Source Code Trainable Classifer
Hi Everyone, I have a DLP policy for Endpoint in Purview as the following: I want to detect when any source code shared and block. But when I try to share a code file e.g within a browser it does not block, I cannot detect. ,the policy does not work. Is it not work for endpoint? How can I make it work? Could you please help?Re: DLP License Requirements
I think I couldn't explain it clearly. What I want to learn simply is that how many license do i need. Do I need licenses as much as users or just one is enough to use DLP for endpoint feature for the all company? Because to use that feature device onboarding is needed. So, should I buy the licenses for each device? This is not a situation related terms violation.4KViews0likes1CommentRe: DLP License Requirements
I couldn't find the answers which I'm looking for from there. So, I have just one Microsoft 365 E5 License, I can continue to use the DLP for Endpoint for the all company users without assigning it as long as the License is available? That is true?VasilMichev4.2KViews0likes3CommentsDLP License Requirements
Hi everyone, I have using DLP endpoint as trial. Now I purchased an E5 license. What to do to continue use the DLP without losing any config or data? Does it matter who am i assigning or do I have to assign someone? One E5 license are enough for our company or how manyI need? CAn I use the DLP endpoint as long as E5 license expires or how? Do I need to take any action? Could you answer these questions please? Thank you so much.
Recent Blog Articles
No content to show