
June 30, 2020
How to prioritize efforts based on alert information from Microsoft Defender ATP, Logic Apps, and Log Analytics.
Blog
June 11, 2020
Part 3 of series: Prioritizing Microsoft Defender ATP endpoint alert telemetry with MITRE ATT&CK.
Blog
June 11, 2020
This post demonstrates how to pull DATP data into Azure Log Analytics workspaces using a Logic App.
Blog
June 11, 2020
This post helps prioritize efforts based on alert information you're already receiving from Microsoft Defender ATP.
Blog
January 24, 2019
Intelligence seems to be full of three-letter acronyms, including Indicators of Compromise (IoC) and Indicators of Attack (IoA). The difference....
Blog
May 29, 2018
Receiving an email lure designed to trick you into clicking a phishing link and then logging into a fake website has become a common threat. In this....
Blog
April 02, 2018
Attackers and security assessors alike are utilizing a technique called domain fronting, which masks malicious command and control (C2) traffic. This....
Blog
January 24, 2017
A common kill chain consists of payload delivery, code execution on a target system, and establishing a command and control (C2) channel outside of a....
Blog
January 18, 2017
TTPs are the “patterns of activities or methods associated with a specific threat actor or group of threat actors.”
Blog
January 11, 2017
Cyber threat intelligence should always enable decision making and action, but what good is a cyber threat intelligence program if you take no action....
Blog