Kevin Beaumont on Nostr: Really good blog from MS about hunting on Microsoft Graph telemetry (which only ...
Really good blog from MS about hunting on Microsoft Graph telemetry (which only became customer visible recently - and requires manual enablement). https://techcommunity.microsoft.com/t5/microsoft-security-experts-blog/hunting-with-microsoft-graph-activity-logs/ba-p/4234632
I’ve ranted before about this one being a blind spot for orgs, Microsoft moved attackers to the graph. So good to see them looking at it.
Really the Defender of Sentinel product groups should build a solution on top of this as a standard offering.
I’ve ranted before about this one being a blind spot for orgs, Microsoft moved attackers to the graph. So good to see them looking at it.
Really the Defender of Sentinel product groups should build a solution on top of this as a standard offering.