Wazuh SIEM Integrations (III) — Microsoft Defender for Endpoint
--
Introduction
Microsoft Defender for Endpoint is an enterprise endpoint security platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats.
Defender for Endpoint can provide:
Next-Generation Protection: Designed to catch all types of emerging threats.
Microsoft Defender Antivirus: Cloud-delivered protection for near-instant detection and blocking of new and emerging threats. Always-on scanning using advanced file and process behavior monitoring and other heuristics (also known as “real-time protection”).
Real-time endpoint detection and response insights correlated with endpoint vulnerabilities.
Threat and Vulnerability Management: Discovers vulnerabilities and misconfigurations in real time.
Always remediate PUA: Potentially unwanted applications (PUA) are a category of software that can slow a machine down, display unexpected ads, or, at worst, install other software that is unexpected or unwanted; with this setting Defender Antivirus blocks and remediates them automatically instead of only auditing them.
Tamper protection: During some kinds of cyber-attacks, bad actors try to disable security features, such as anti-virus protection, on your machines. Tamper protection prevents security settings (real-time protection, cloud-delivered protection, behaviour monitoring) from being turned off by local users, scripts, or malware.
Web content filtering: Block access to websites containing unwanted content and track web activity across all domains.
Microsoft DFE — Wazuh SIEM Integration
(All details, including the collector script and the Wazuh rules, can be found in the SOCFortress GitHub repo)
The integration pulls the following alerts, events, telemetry and related data from the Defender for Endpoint API into Wazuh:
- Alerts
- Indicators
- Machines
- Domain
- Recommendations
- Exposure Score by Group
- Software
- Machine Vulnerabilities
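To make the alert side of this concrete, the following script is an added example written for this post and is not the SOCFortress integration script. It authenticates to the Defender for Endpoint API with an Azure AD app registration (client-credentials grant, which requires the Alert.Read.All application permission), lists alerts created since the last poll, follows the OData paging links, and appends each alert as one JSON object per line to a file that Wazuh's logcollector reads with log_format json. The environment variable names, output path and state path are assumptions; the API host, token endpoint, alerts endpoint, $filter on alertCreationTime and the @odata.nextLink paging are the documented Defender for Endpoint API behaviour.

```python
"""Collector: Microsoft Defender for Endpoint alerts -> NDJSON file for Wazuh.

Added example, not the SOCFortress integration script. Assumed: an Azure AD app
registration with the Alert.Read.All application permission, credentials in the
MDE_TENANT / MDE_CLIENT_ID / MDE_CLIENT_SECRET environment variables, and a
<localfile> block in ossec.conf that watches OUT_FILE with log_format json.
"""
import json
import os
import sys
import urllib.parse
import urllib.request
from datetime import datetime, timedelta, timezone

RESOURCE = "https://api.securitycenter.microsoft.com"
TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/token"
ALERTS_URL = RESOURCE + "/api/alerts"
OUT_FILE = "/var/log/ms_dfe/alerts.json"          # assumed path watched by Wazuh
STATE_FILE = "/var/ossec/var/ms_dfe_state.json"   # assumed path for poll state


def get_token(tenant, client_id, client_secret):
    """OAuth2 client-credentials grant against Azure AD for the MDE resource."""
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "resource": RESOURCE,
    }).encode()
    with urllib.request.urlopen(TOKEN_URL.format(tenant=tenant), body, timeout=30) as r:
        return json.load(r)["access_token"]


def fetch_alerts(token, since):
    """List alerts created at or after `since`, following @odata.nextLink pages."""
    flt = "alertCreationTime ge " + since.strftime("%Y-%m-%dT%H:%M:%SZ")
    url = ALERTS_URL + "?" + urllib.parse.urlencode({"$filter": flt})
    alerts = []
    while url:
        req = urllib.request.Request(url, headers={"Authorization": "Bearer " + token})
        with urllib.request.urlopen(req, timeout=60) as r:
            page = json.load(r)
        alerts.extend(page.get("value", []))
        url = page.get("@odata.nextLink")
    return alerts


def normalize(alert):
    """Wrap the raw alert under a fixed key so Wazuh rules can match on
    mde.severity, mde.threatFamilyName, mde.computerDnsName and so on
    without colliding with fields from other JSON sources."""
    return {"integration": "ms_dfe", "mde": alert}


def to_ndjson(alerts, seen_ids):
    """Render unseen alerts as one compact JSON object per line (Wazuh's JSON
    decoder needs the whole object on a single line) and record their ids.
    The API filter is inclusive, so an alert created exactly at the watermark
    would be delivered twice without this dedupe."""
    lines = []
    for alert in alerts:
        if alert["id"] in seen_ids:
            continue
        seen_ids.add(alert["id"])
        lines.append(json.dumps(normalize(alert), separators=(",", ":")))
    return lines


def load_state():
    """Return (watermark, ids already written); default to the last hour."""
    try:
        with open(STATE_FILE) as f:
            s = json.load(f)
        return datetime.fromisoformat(s["since"]), set(s["seen"])
    except (OSError, KeyError, ValueError):
        return datetime.now(timezone.utc) - timedelta(hours=1), set()


def save_state(since, seen):
    with open(STATE_FILE, "w") as f:
        json.dump({"since": since.isoformat(), "seen": sorted(seen)}, f)


def main():
    tenant, cid, secret = (os.environ[k] for k in
                           ("MDE_TENANT", "MDE_CLIENT_ID", "MDE_CLIENT_SECRET"))
    since, seen = load_state()
    alerts = fetch_alerts(get_token(tenant, cid, secret), since)
    lines = to_ndjson(alerts, seen)
    with open(OUT_FILE, "a") as f:
        f.write("".join(line + "\n" for line in lines))
    # Move the watermark to the newest alert's creation second and keep only the
    # ids from that second, which bounds the dedupe set between polls.
    if alerts:
        newest = max(a["alertCreationTime"] for a in alerts)[:19]
        since = datetime.strptime(newest, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)
        seen = {a["id"] for a in alerts if a["alertCreationTime"][:19] == newest}
    save_state(since, seen)
    print(f"wrote {len(lines)} new alert(s)", file=sys.stderr)


if __name__ == "__main__":
    main()
```

Run it from cron on the Wazuh manager (or an agent) every few minutes, and point a localfile entry with log_format json and location set to the output path at the file; rules can then match on the integration field and on mde.severity or mde.threatFamilyName to raise the alert level for High severity detections. The client secret should come from a restricted file or a secret store rather than a shell history entry, and the app registration should hold only the read permissions the collector needs.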
MS-DFE events and visualizations in SOCFortress Platform
[Dashboard screenshots: Alerts summary; Alerts by threat family and name; System (OS) and software vulnerabilities]
Need Help?
The functionality discussed in this post, and much more, is available via the SOCFortress platform. Let SOCFortress help you and your team keep your infrastructure secure.
Website: https://www.socfortress.co/
Platform Demo: https://www.socfortress.co/demo_access.html