Can a SOC which only looks at the UI suspect the following?
DeviceProcessEvents
| where Timestamp > ago(1d)
| where FileName =~ "vssadmin.exe" and ProcessCommandLine has_any("list shadows", "delete shadows")
    or FileName =~ "fsutil.exe" and ProcessCommandLine has "usn" and ProcessCommandLine has "deletej...
I like the idea of this; however, it is a bit bare bones at the moment.
Will there be more features added to this multitenant portal
eventually? I noticed that it gave me an error when trying to run some
of the threat hunting queries. Seems you cannot do table joins in the
multi-tenant queries. I...
@Daniel Naim, great work on this new feature addition to MDI. Can the
group Managed Service Account (gMSA) be used as a directory service
account on AD CS with the MDI sensor? If yes, please point me to the
documentation.
@David Wanderer there is nothing concrete we can share at the moment,
but we're aware of the need to easily enable alerts based on the
insights of behaviors and we are considering it as part of our future
plans.
Latest Comments