The new device timeline is now generally available.
The device timeline shows all the events observed on a device in chronological order. It is mostly used to deepen an investigation and pivot from an alert to learn what happened on the device before and after the suspicious activity. The new view keeps the existing functionality on par with the old one, and adds performance and several UI improvements.
The new timeline offers faster loading times while seamlessly fetching bigger chunks of data (1000 events instead of 200), in addition to several UI improvements for a smoother experience:
- New event side panel, aligned with the alert story process tree experience, for easy orientation
- Enhanced MITRE data, showing all related techniques and tactics at a single event panel
- Linking events to the new user side panel, providing more details and context to the investigation without leaving the page
- Better visibility into the data set shown in the timeline, by reflecting the applied filters at the top of the table

Detecting and remediating command and control attacks at the network layer. Microsoft Defender for Endpoint helps SecOps teams detect network C2 attacks earlier in the attack chain, minimize the spread by rapidly blocking any further attack propagation, and reduce the time it takes to mitigate by easily removing malicious binaries.

Mobile Network Protection for Defender for Endpoint on Android and iOS is now generally available. Microsoft brings the network protection features of Defender for Endpoint to Android and iOS, providing more ways to help organizations identify, assess, and remediate endpoint weaknesses with the help of threat intelligence.

Use the new Microsoft 365 Defender API for all your alerts. The new Microsoft 365 Defender alerts API, currently in public preview, enables customers to work with alerts across all products within Microsoft 365 Defender using a single integration.

Announcing new removable storage management features on Windows. Over the last several months, Microsoft Defender for Endpoint has rolled out a handful of device control capabilities to help secure removable storage scenarios on Windows.

Microsoft Defender for Endpoint now integrated with Zeek. The integration of Zeek into Microsoft Defender for Endpoint provides new levels of network analysis capabilities based on deep inspection of network traffic powered by Zeek, a powerful open-source network analysis engine that allows researchers to tackle sophisticated network-based attacks in ways that weren't possible before.

Built-in protection is now generally available. Built-in protection is a set of default settings, now rolling out, designed to help ensure your devices are protected from ransomware and other threats.

Check out the Library API to upload/delete/update files in your tenant's library.

Stopping C2 communications in human-operated ransomware through network protection. Providing advanced protection against increasingly sophisticated human-operated ransomware, Microsoft Defender for Endpoint's network protection leverages threat intelligence and machine learning to block command-and-control (C2) communications.