Add Microsoft Defender machine logon users to a Microsoft Sentinel incident comment
Updated May 24, 2023
Simple KQL query that can be run either in MD for Endpoint (threat hunting or custom indicator) or in Azure Sentinel (threat hunting or analytics rule). It looks for 4 known IOCs related to the Kaseya attack.