Browsing Category
Microsoft Defender XDR
24 posts
Microsoft Defender XDR brings together signals across identity, endpoint, email, and cloud. This category focuses on cross-domain detection, correlation, and incident response.
The articles explore how incidents are built, how alerts relate to each other, and how XDR improves investigation efficiency. Emphasis is placed on understanding detection context, not just responding to alerts.
This category is core to SOC operations and advanced detection engineering.
Selective Isolation in Defender for Endpoint – Combining tools like Velociraptor for DFIR
With the introduction of Selective Isolation, Microsoft Defender for Endpoint has taken a significant step toward more flexible…
Integrating Microsoft Defender EASM with Exposure Management
Microsoft has taken another step in closing the gap between internal risk and external exposure. With the June…
Automatically tagging MITRE techniques with AI in SOC Optimization
Mapping security detections to the MITRE ATT&CK framework is crucial for understanding adversary behavior and improving threat response.…
Stopping malicious Browser Extensions with Microsoft Defender TVM and Intune
Browser extensions have quietly evolved into one of the most dangerous and overlooked attack vectors in modern enterprise…
Case management in Microsoft Defender and Sentinel: streamline your SecOps
Managing complex security incidents has always been a challenge for Security Operations Centers (SOCs). From correlating alerts to…
OAuth attacks: How to detect and mitigate with Microsoft App Governance (MDA)
OAuth (Open Authorization) has transformed enterprise security by enabling seamless authentication and authorization between cloud applications. However, it…
Integrating T-pot Honeypot with Microsoft Sentinel using Data Collection Rules (DCR)
In the face of increasing cybersecurity threats, early detection and analysis of attack behaviors are essential for proactive…
Microsoft Defender External Attack Surface Management (EASM)
As organizations grow their digital footprint, managing the external attack surface has become critical for reducing risks and…
Using Honeytoken Accounts in Microsoft Defender for Identity (MDI) for proactive threat detection
Microsoft Defender for Identity provides organizations with an effective way to detect and deter identity-based attacks through the…
Microsoft Defender for Endpoint (MDE) Endpoint Deception capability for Advanced Threat Detection
Microsoft Defender for Endpoint (MDE) introduces Endpoint Deception, an advanced security feature designed to detect and deter cyber…












