by Alex Verboon
As with almost any solution, one of the time consuming activities is to get the prerequisites in place until you get things up and running, this is no different with Microsoft Defender Advanced Threat Protection. Although the solution itself is Read More …
I spend quite some time during the week travelling to and from customers, to make the best use of travel time, I usually read blogs and tweets or take online trainings to keep myself up to date about whatever interests Read More …
Most of the features included in Windows Defender Exploit Guard can be enabled in audit or block mode. The impact can then be analyzed either by looking at the corresponding Windows Event log entries or through advanced hunting queries in Read More …
Windows Defender ATP provides SIEM integration, allowing you to pull alerts from Windows Defender ATP Security Center into Splunk. The SIEM integration uses the Windows Defender ATP Alerts Rest API. Since I have an actual customer demand for such an Read More …
Here’s a little utility to check the status of Windows Defender ATP on a local or remote client. I basically took some code from the WDATP connectivity verification tool, removed the network connectivity testing part (I might add that later Read More …
I am currently working on some automation around Windows Defender, so started to look at the Windows Defender Advanced Threat Protection query API. Note that this API is still in preview. I wrote two functions for this. Connect-WindowsATP is used Read More …