Recent DiscussionsMost RecentNewest TopicsMost LikesSolutionsTagged:TagRe: Excluded Microsoft 365 DefenderYou can create AV exclusions by using the File Indicators in the portal (based on hash value of excluded files) or you can use the exclusion configurations offered in GPO/Powershell/Intune https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/configure-exclusions-microsoft-defender-antivirus?view=o365-worldwideRe: Automating detection engineering for MS 365 DefenderStay tuned 🙂 There will be news on this specific area really soon 🙂 *wink* *wink*Re: Near real-time (NRT) detections in Microsoft 365 Defender - Ninja ShowAmazing show 😄Re: Alert policy - Add mailbox permission - No detailed alert.Which product was that alert policy created in ? Was it an advanced hunting Custom Detection or was it a policy in Defender for Cloud Apps ?Re: Akira Ransomeware group Hello ArthurEiseb, There are already detections for this family Ransom:Win32/Akira Ransom:Win64/Akira Ransom:Win64/Akira.AA There are also EDR detections for the activity. Re: False Positive with endpointyou can now use the Unified Submissions page within the M365 Defender portal to submit FPs https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/admin-submissions-mde?view=o365-worldwide
Recent Blog ArticlesNewest TopicsMost LikesTagged:TagEnrich your advanced hunting experience using network layer signals from Zeek Expand your investigation, hunting, and detection capabilities using a variety of Zeek-based events in advanced hunting. Hunting for network signatures in Microsoft Defender for Endpoint Read this blog post to discover Microsoft Defender for Endpoint new capability on capturing and analyzing Network traffic.
MicrosoftMicrosoftMicrosoftMicrosoft
