Wazuh SIEM Integrations (III) — Microsoft Defender for Endpoint
Microsoft Defender for Endpoint is an enterprise endpoint security platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats.
Defender for Endpoint can provide:
Next-Generation Protection: Designed to catch all types of emerging threats.
Microsoft Defender Antivirus: Cloud-delivered protection for near-instant detection and blocking of new and emerging threats. Always-on scanning using advanced file and process behavior monitoring and other heuristics (also known as “real-time protection”).
Real-time endpoint detection and response insights correlated with endpoint vulnerabilities.
Threat and Vulnerability Management: Discovers vulnerabilities and misconfigurations in real time.
Always remediate PUA: Potentially unwanted applications (PUA) are a category of software that can cause your machine to run slowly, display unexpected ads, or at worst, install other software, which might be unexpected or unwanted.
Tamper protection: During some kinds of cyber-attacks, bad actors try to disable security features, such as anti-virus protection, on your machines.
Web content filtering: Block access to websites containing unwanted content and track web activity across all domains.
Microsoft DFE — Wazuh SIEM Integration
(All details can be found in SOCFortress Github repo)
Alerts, events, telemetry and other info:
- Exposure Score by Group
- Machine Vulnerabilities
MS-DFE events and visualizations in SOCFortress Platform
Alerts — Summary:
Alerts by threat family and Name:
System (OS) and Software Vulnerabilities: