Remediation
50 Topics

Defender - Cloud Activity Logs suspicious
Hi, I just noticed these logs from Defender - Cloud Apps > Activity Logs. It seems all our Microsoft Cloud PCs have these logs, which looks suspicious to me as it seems to be querying our Domain Admins account, but I would like to confirm. If this is suspicious, can you help with how to mitigate it please? Thank you.

54 Views, 0 likes, 1 Comment

Update OpenSSL recommendation
Hi all, I've been trying to find out how to deal with the "openssl" recommendation that I get on almost all end-user computers in Defender. I'm just not sure how to deal with it... It doesn't seem to be a particular app or so... From what I see when I check the "software inventory" page of the devices, there are many references to different files/DLLs. See a few examples below:

c:\program files\windowsapps\e046963f.aimeetingmanager_3.1.18.0_x64__k1h2ywk1493x8\aimeetingmanager\libcrypto-3-x64.dll
c:\program files\zoom\bin\libcrypto-3-zm.dll
c:\program files\dell\dell peripheral manager\libcrypto-1_1-x64.dll
c:\windows\system32\driverstore\filerepository\udcdriver.inf_amd64_d70e6df8e9ed1889\x64\service\libssl-1_1-x64.dll

How do you deal with it? Is that something that can be pushed via Intune?

31K Views, 1 like, 10 Comments

MS 365 Defender - What permissions are needed to move and delete emails in Explorer?
I need a tech with limited permissions to be able to remediate malicious email delivered in Office 365. These are the options I have in Admin. I tried a bunch of recommended actions, yet I don't seem to have the correct Admin portals as shown here. For example, I don't have the MS 365 Defender Permissions Group shown in the video:

642 Views, 0 likes, 4 Comments

Intune Remediation schedule
Hi, I have a question about remediation and when it runs. I have a detection and remediation script set up and have a schedule for every hour. When I deploy it, how long before the client runs the detection? Is it that the client has to pick up the policy first (so once every 8 hours, on restart or logon)? If so, does it run the detection straight away? What does the schedule of 1 hour do? Does it run the detection script once, and then continue to run the detection script every hour? Thanks, G

Solved, 334 Views, 0 likes, 1 Comment

Help to Defender XDR - KQL to Detection rule for Vulnerability Notification
The query essentially functions as part of monitoring, designed to identify and summarize the list of vulnerable applications within a set time frame, particularly events recorded in the current month. When I try to convert this rule to run as a detection rule, I get the error "Can't save detection rule". Can someone help me understand how I can fix the issue?

// Date - 05-05-2024 - Helps to automate daily vulnerability notification alerts to be logged to servicedesk via emails (until Defender product gets native feature)
let Timestamp = now();
let ReportId = toint(rand() * 100000000);
DeviceTvmSoftwareVulnerabilities
| extend OSFamily = case(
    OSPlatform in ("Windows10", "Windows11", "Windows10wVD"), "Desktop",
    OSPlatform in ("WindowsServer2012R2", "WindowsServer2016", "WindowsServer2019", "WindowsServer2022"), "Server",
    "Other")
| where OSFamily != "Other" // Only processing Desktops and Servers
| where DeviceName != "" and DeviceName != " " // Exclude blank and space-only DeviceNames
| summarize
    DesktopDeviceNameList = make_list(iif(OSFamily == "Desktop", DeviceName, "")),
    ServerDeviceNameList = make_list(iif(OSFamily == "Server", DeviceName, "")),
    DetailedDeviceList = make_list(bag_pack("DeviceName", DeviceName, "DeviceId", DeviceId, "OSPlatform", OSPlatform)),
    take_any(SoftwareName, SoftwareVersion, VulnerabilitySeverityLevel, RecommendedSecurityUpdate)
    by CveId
| lookup DeviceTvmSoftwareVulnerabilitiesKB on CveId
| where startofmonth(PublishedDate) == startofmonth(now())
| project Timestamp, ReportId, CveId, VulnerabilitySeverityLevel, CvssScore, IsExploitAvailable, DesktopDeviceNameList, ServerDeviceNameList, DetailedDeviceList, PublishedDate, LastModifiedTime, VulnerabilityDescription, AffectedSoftware

827 Views, 0 likes, 5 Comments

Announcing quarantine release integration in Microsoft Defender for Office 365 hunting experience!
This feature allows SecOps teams to define and better filter on messages with custom queries and take release action directly from hunting experiences: Threat Explorer, Advanced Hunting, Email summary panel, Email Entity Page, and custom detections!

Microsoft Classic Teams Still Showing as exposed Devices on M365Defender Admin Center After Updating
Hi Everyone, Good day. Teams classic is showing as exposed in the Microsoft 365 Defender Admin portal, but we have already updated to New Teams in our environment. The Intune report says it's updated to the latest version. Please let us know how to fix this issue. Is this New Teams showing in Defender? Please suggest... Or is this a known issue? Can anybody suggest how we can fix the devices vulnerability list? Thanks in advance... Karimulla

576 Views, 0 likes, 1 Comment