Top Tweets for #AdvancedHunting
FileMaliciousContentInfo is a newly introduced #AdvancedHunting table for Microsoft Defender for Office 365, currently available in Public Preview.
This table provides detailed visibility into files processed by Microsoft Defender for Office 365 across SharePoint Online, OneDrive, and Microsoft Teams, making it a strong foundation for threat hunting and threat intelligence correlation.
More info: https://t.co/U0Ahg6nxGU
#MicrosoftSecurity #MicrosoftDefender #DefenderXDR #KQL #KustoQuery
I had these stickers ready in time for #KustoCon, too bad I didn't have the chance to give them out.
Maybe next year.
In the meantime, if we meet somewhere, don't hesitate to ask for them.
#KQL #KustoQuery #AdvancedHunting

.@MVPAward approves!
Start your journey in threat hunting with some cool stuff: Zeek signals, which are embedded in MDE, are a gold mine of logs that allow uncovering some serious threats!
#ThreatHunting #DefenderXDR #AdvancedHunting #DefenderforEndpoint #MVPBuzz
Hunting for threats just got smarter, with help from the community!
Microsoft Defender for Endpoint now features Zeek-based signals in Advanced Hunting, delivering deep protocol-level insights across HTTP, SSH, DNS, and more. This upgrade enhances visibility, detection, and precision, especially for threat hunters using DeviceNetworkEvents.
Shoutout to Microsoft Security MVP @Cyb3rMik3, who's actively applying these new signals in real-world KQL queries and detection engineering. His GitHub is full of great examples to help you get started.
Already using NetworkSignatureInspected? Time to update your queries with the latest *ConnectionInspected action types for better performance and reliability.
Dive into the full blog and take your hunts to the next level:
https://t.co/lxgcyiKUhY
#MVPBuzz
Day 3 of my #CybersecurityLearningStreak! Today I
1. Applied @Microsoft Defender for O365 security policies
2. Prepped the Defender workspace
3. Managed and investigated incidents
4. Conducted advanced hunting in 365 Defender.
#Microsoft365 #CloudSecurity #AdvancedHunting

Exposure Management is growing well, two new tables have been introduced to help investigate security posture: ExposureGraphNodes and ExposureGraphEdges.
#DefenderXDR #AdvancedHunting #KQL #KustoQuery
https://t.co/qs2DceP6U6
I built two #KQL queries for this blog which identify device containment, and removal from containment as well, based on the DeviceRegistryEvents table.
1. https://t.co/MkSgkPlhvI
2. https://t.co/TjLsQMklbo
#MicrosoftSecurity #DefenderXDR #AdvancedHunting
New blog!
You contain an endpoint during IR, but you don't have time to notify stakeholders, the user, the help desk who might be reached out to, etc. This logic app is based on #KQL and identifies containment actions, adds a tag and sends an email.
#DefenderXDR
https://t.co/MyoalQIYaY
This is great too!!
That looks like the Microsoft Sentinel experience.
Update : https://t.co/xuDv8wG0Ru
#AdvancedHunting #MDE #EDR #MicrosoftDefenderXDR #MicrosoftDefenderforEndpoint

Wow, this is great!!
Now we can see Query History.
Update : https://t.co/xuDv8wG0Ru
#AdvancedHunting #MDE #EDR #MicrosoftDefenderXDR #MicrosoftDefenderforEndpoint

If you missed NinjaShow yesterday, you can watch it on YouTube!!
I talked about #KQL, #AdvancedHunting in #MDE. Focused on #ASRrules and #WebProtection data visualization.
https://t.co/85IcYAp4vR
Wow, nice!
This page covers a number of "ActionTypes" in Advanced Hunting!! Super useful for tracking activities.
GitHub: https://t.co/OsEQ5aoj0l
#KQL #Kusto #AdvancedHunting

Working on incident response playbooks, investigating initial access for business email compromise (BEC) cases?...
[1/2]
#MicrosoftSentinel #MicrosoftSecurity #CloudSecurity #Microsoft365Defender #ThreatHunting #ThreatDetection #AdvancedHunting #BEC
https://t.co/9jAR6BlgIM
Useful #TI to build a hunt. #MDE #AdvancedHunting #kql @BridewellCTI @msftsecurity
EmailEvents
| where EmailDirection =~ "Inbound"
| join EmailAttachmentInfo on $left.NetworkMessageId == $right.NetworkMessageId
| where FileName matches regex @"copy_document_[0-9]{1,4}\.pdf"
#IcedID
C2: yewopeuropaus\.com
Attachment: copy_document_[0-9]{1,4}\.pdf
new use of /k option
ex: ..\RHSVwEUo.dat,ping /k china476
Email -> PDF -> URL -> Keitaro Redirect -> JS -> PS -> PS ->IcedID
How to use #PowerShell to Invoke #AdvancedHunting #KQL Queries in #M365 #Defender. All the details in my Blog Article.
https://t.co/hiWMNljmYo

Use Advanced Hunting #KQL to identify devices/users still using the deprecated MSOnline and AzureAD PowerShell modules https://t.co/Niv6jG6vHN #kql #AzureAD #AdvancedHunting #PowerShell #mvpbuzz

I've been doing some playing around with the new #Zeek data in #Defender's #AdvancedHunting and these are my initial observations...
Zeek network events from endpoints now available in M365 Defender / Defender for Endpoint advanced hunting https://t.co/9QrM7wHAmG
Tomorrow, April 4th, @alexverboon and @castello_johnny will host #KQLCafe session 13 at 1800 CET. Our guest will be Alexander Sloutsky https://t.co/ixCUNR3SHq
#KQL #mvpbuzz #AdvancedHunting
#CVE-2023-23397 (Outlook). Check if your devices are vulnerable via the following Advanced Hunting query.
DeviceTvmSoftwareVulnerabilities
| where CveId in ("CVE-2023-23397")
| distinct DeviceId,DeviceName,OSPlatform
#CVE #Outlook #Office365 #AdvancedHunting #Defender
March 1, 2023 and I'm celebrating 6 months in @TeamCloudWay with this scenery just a 5 minute walk from my #homeoffice in #Norway.
My ancestors made their living from #phishing in the seas and #advancedhunting in the mountains around here. I make my living from the #Cloud
