Wazuh SIEM Integrations (III) — Microsoft Defender for Endpoint

SOCFortress
2 min readAug 20, 2022

--

Introduction

Microsoft Defender for Endpoint is an enterprise endpoint security platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats.

Defender for Endpoint can provide:

Next-Generation Protection: Designed to catch all types of emerging threats.

Microsoft Defender Antivirus: Cloud-delivered protection for near-instant detection and blocking of new and emerging threats. Always-on scanning using advanced file and process behavior monitoring and other heuristics (also known as “real-time protection”).

Real-time endpoint detection and response insights correlated with endpoint vulnerabilities.

Threat and Vulnerability Management: Discovers vulnerabilities and misconfigurations in real time.

Always remediate PUA: Potentially unwanted applications (PUA) are a category of software that can cause your machine to run slowly, display unexpected ads, or at worst, install other software, which might be unexpected or unwanted.

Tamper protection: During some kinds of cyber-attacks, bad actors try to disable security features, such as anti-virus protection, on your machines.

Web content filtering: Block access to websites containing unwanted content and track web activity across all domains.

Microsoft DFE — Wazuh SIEM Integration

(All details can be found in SOCFortress Github repo)

Alerts, events, telemetry and other info:

  • Alerts
  • Indicators
  • Machines
  • Domain
  • Recommendations
  • Exposure Score by Group
  • Software
  • Machine Vulnerabilities

MS-DFE events and visualizations in SOCFortress Platform

Alerts — Summary:

Alerts by threat family and Name:

System (OS) and Software Vulnerabilities:

Need Help?

The functionality discussed in this post, and so much more, are available via the SOCFortress platform. Let SOCFortress help you and your team keep your infrastructure secure.

Website: https://www.socfortress.co/

Platform Demo: https://www.socfortress.co/demo_access.html

--

--

SOCFortress
SOCFortress

Written by SOCFortress

SOCFortress is a SaaS company that unifies Observability, Security Monitoring, Threat Intelligence and Security Orchestration, Automation, and Response (SOAR).

No responses yet