Important: The improved Microsoft 365 Defender portal is now available. This new experience brings Defender for Endpoint, Defender for Office 365, Microsoft 365 Defender, and more into the Microsoft 365 Defender portal. Learn what’s new. Applies to: Microsoft 365 Defender, Microsoft Defender for Endpoint. Custom detection rules are rules you can design and tweak using advanced hunting queries. These rules […]
Articles Tagged: Microsoft
Custom detections overview (Microsoft)
Applies to: Microsoft 365 Defender, Microsoft Defender for Endpoint. With custom detections, you can proactively monitor for and respond to various events and […]
FileProfile() (Microsoft)
Applies to: Microsoft 365 Defender. The FileProfile() function is an enrichment function in advanced hunting that adds the following data to files found by the query. TABLE […]
DeviceFromIP() (Microsoft)
Applies to: Microsoft 365 Defender. Important: Some information relates to prereleased product which may be substantially modified before it’s commercially released. Microsoft makes […]
AssignedIPAddresses() (Microsoft)
Applies to: Microsoft 365 Defender. Use the AssignedIPAddresses() function in your advanced hunting queries to quickly obtain the latest IP addresses that have been assigned to a […]
IdentityQueryEvents (Microsoft)
Applies to: Microsoft 365 Defender. The IdentityQueryEvents table in the advanced hunting schema contains information about queries performed against Active Directory objects, such as users, groups, devices, […]
IdentityLogonEvents (Microsoft)
Applies to: Microsoft 365 Defender. The IdentityLogonEvents table in the advanced hunting schema contains information about authentication activities made through your on-premises Active Directory captured by Microsoft […]
IdentityInfo (Microsoft)
Applies to: Microsoft 365 Defender. The IdentityInfo table in the advanced hunting schema contains information about user accounts obtained from various services, including Azure Active Directory. Use […]
IdentityDirectoryEvents (Microsoft)
Applies to: Microsoft 365 Defender. The IdentityDirectoryEvents table in the advanced hunting schema contains events involving an on-premises domain controller running Active Directory (AD). This table captures […]
EmailUrlInfo (Microsoft)
Applies to: Microsoft 365 Defender. The EmailUrlInfo table in the advanced hunting schema contains information about URLs on emails and attachments processed by Microsoft Defender for Office […]