remediation
70 Topics

Resources for Automatic attack disruption
Hi all, because this topic is really HOT, I thought I would share a collection of resources with you.

Recordings:
Microsoft Secure (free registration required):
- How XDR defends against ransomware across the entire kill chain with Corina Feuerstein
- Ask the Experts: How XDR defends against ransomware across the entire kill chain
Ninja Show episode Attack disruption, with Hadar Feldman
Ignite announcement: What’s new in SIEM and XDR: Attack disruption and SOC empowerment - Events | Microsoft Learn

Blogs:
Automatic disruption of Ransomware and BEC attacks with Microsoft 365 Defender
XDR attack disruption in action – Defending against a recent BEC attack

Documentation:
Configure automatic attack disruption capabilities in Microsoft 365 Defender | Microsoft Learn

What do you think about this new and exciting capability? Do you have any questions on how it works that we didn't refer to? If so, feel free to start a conversation here! 🙂 Oh, and if I missed another resource, let me know too!

Heike
51K Views, 0 likes, 1 Comment

Unable to apply ASR rules for Windows servers (2012R2, 2016, 2019 and 2022) via SCCM
Hi, I have onboarded servers 2012 R2, 2016, 2019 and 2022 into Microsoft Defender for Endpoint via the unified solution (I am not using MMA or AMA). All statuses are Active and onboarded in the www.security.microsoft.com console. These servers are managed through SCCM, and I could deploy the Antimalware policy for all servers. Still, I am unable to deploy ASR rules for the onboarded servers. I have tried manually configuring rules on the servers. Still, when I run the Get-MpPreference PowerShell command, there are blank fields for the ASR components. Any solution for this?

Note: These servers are not joined to AAD.

49K Views, 0 likes, 3 Comments

Ninja Cat Giveaway: Episode 9 | Attack disruption
For this episode, your opportunity to win a plush ninja cat is the following – Explain what attack disruption means and one reason why it is critical to any organization.

This offer is non-transferable and cannot be combined with any other offer. This offer ends on April 14th, 2023, or until supplies are exhausted and is not redeemable for cash. Taxes, if there are any, are the sole responsibility of the recipient. Any gift returned as non-deliverable will not be re-sent. Please allow 6-8 weeks for shipment of your gift. Microsoft reserves the right to cancel, change, or suspend this offer at any time without notice. Offer void in Cuba, Iran, North Korea, Sudan, Syria, Region of Crimea, Russia, and where prohibited.

49K Views, 1 like, 9 Comments

Update OpenSSL recommendation
Hi all, I've been trying to find out how to deal with the "openssl" recommendation that I get on almost all end user computers in Defender. I'm just not sure how to deal with it... It doesn't seem to be a particular app or so... From what I see when I check the "software inventory" page of the devices, there are many references to different files/dll?? See a few examples below:

c:\program files\windowsapps\e046963f.aimeetingmanager_3.1.18.0_x64__k1h2ywk1493x8\aimeetingmanager\libcrypto-3-x64.dll
c:\program files\zoom\bin\libcrypto-3-zm.dll
c:\program files\dell\dell peripheral manager\libcrypto-1_1-x64.dll
c:\windows\system32\driverstore\filerepository\udcdriver.inf_amd64_d70e6df8e9ed1889\x64\service\libssl-1_1-x64.dll

How do you deal with it? Is that something that can be pushed via Intune?

41K Views, 1 like, 10 Comments

Investigating Alerts in Defender for Office 365
The extensive use of collaboration tools during the COVID-19 remote work era is putting many organizations at even higher risk for phishing attacks via business emails or video conferencing solutions. This may be a good opportunity to refresh your workflows in investigating Microsoft Defender for Office 365 alerts, which can assist in catching cyberattacks in early stages.

OpenSSL
We have the recommendation to update OpenSSL. However, we cannot figure out how to actually do this. There seems to be no installed location of OpenSSL, so how can we update this? I have found a few posts/comments that have led me to this page, "New OpenSSL v3 vulnerability: prepare with Microsoft Defender for Cloud - Microsoft Community Hub", but this doesn't actually help you at all. Going to OpenSSL's site for download just gives you a repository of files that don't actually update anything. So what are we supposed to do to get this remediated?

12K Views, 1 like, 5 Comments