User Profile
Diego-Gonzalez
MCT
Joined Aug 06, 2020
User Widgets
Recent Discussions
Re: Defender for Endpoint - Name Change
That's not the issue. The issue is that the local machine reports a name and the Defender for Endpoint console reports another name. Leave this case alone, I have already confirmed with Microsoft that changing the name on the console directly is not possible today. thank you all.2.7KViews0likes0CommentsRe: Advanced Hunting - Defender for Endpoint
In fact, what I was looking for would be this: I already found it, thanks for sharing and helping. To collect information from all devices: DeviceNetworkEvents | project DeviceName, Timestamp, RemoteUrl, ActionType, Protocol, RemoteIP, RemotePort | order by Timestamp desc To collect information from specific devices: let DeviceName = "Your_Device_Name"; Replace with the name of the specific device you want to investigate DeviceNetworkEvents | where DeviceName == DeviceName | project DeviceName, Timestamp, RemoteUrl, ActionType, Protocol, RemoteIP, RemotePort | order by Timestamp desc829Views0likes1CommentAdvanced Hunting - Defender for Endpoint
I would like to know how I do a Hunting to identify a machine and which user accessed certain URLs on that device. I know that Sentinel could bring this type of information, but I would like to do this through hunting in Defender for Endpoint and I would like to know what the query would look like to bring this type of information.952Views0likes3CommentsDevice Group Defender for Endpoint
A certain group was created in device group in the defender for endpoint console, I need to find out who created this group and the date when it was created, is there a way through hunting that I can bring the information of when the group was created and which was the creation date on defender for endpoint.443Views0likes0CommentsProtocol Lockdown in Windows Defender console
Eu gostaria de saber se existe uma maneira de bloquear um protocolo de rede no console do defensor, eu sei que isso é possível em uma caixa de firewall de rede ou mesmo no servidor, mas eu gostaria de bloquear um determinado protocolo e não uma porta, até porque se eu bloquear a porta durante um ataque, que o invasor pode alterar essa porta e não faria sentido bloquear a porta, existe alguma opção no console do defensor para bloquear o protocolo? obrigado.588Views0likes0CommentsRelatório movimento Lateral
Antigamente você conseguia retirar relatório no portal clássico do Microsoft Defender para Identidade relacionado a movimento Lateral um relatório semanal por exemplo, no portal do security.microsoft.com, onde esse relatório foi parar ? antigamente ele era retirado conforme essa documentação oficial https://learn.microsoft.com/pt-br/defender-for-identity/classic-reports.1.1KViews0likes2Comments
Recent Blog Articles
No content to show