Christos_Ventouris

Enrich your advanced hunting experience using network layer signals from Zeek

UPDATE (July 9, 2023): The article has been updated to include new signatures added for SSL, DNS and NTLM protocols. UPDATE (May 22, 2023): On July 18, 2023, Microsoft will be deprecating a subset of signatures found in the “NetworkSignaturesInspected” action type of Advanced Hunting. With the recent integration of Zeek providing advanced […]


Hunting for network signatures in Microsoft Defender for Endpoint

Security researchers Meitar Pinto and Thiago Marques also contributed to this post. As we continue to evolve our Microsoft 365 Defender capabilities to enable security teams to analyze enriched incidents with alerts and events from diverse sources, a critical factor is user feedback. After hearing our customers’ feedback, one of the core asks was
