Joe
@trk_rdy
Followers
1K
Following
813
Media
55
Statuses
1K
If you’re following Ignite and see someone post an article about something being released with a catchy title…please read the article. It’s often not what you think despite it being an easy thing to go bash on the surface. Smh….
0
0
4
We’re writing the second edition of Defender for Endpoint In-Depth, if you’re interested, please send us some feedback.
forms.office.com
0
5
30
<try landing binary on disk> blocked.<try landing binary on disk> blocked.<allow binary to be on disk> allowed. “I bypassed EDR”.
0
0
7
RT @Threatzman: Come check out "Defending endpoints like a pro: path to mastery" at Workplace Ninja Summit 2024 - looking forward to meetin….
0
6
0
RT @dwizzzleMSFT: Intune enrollment attestation is in preview! This is super dope because the MDM ID is now stored in the TPM instead of e….
0
78
0
Read.
🧵on the ongoing outage caused by Crowdstrike content update. Insights here mostly based on my time working on/helping build a competitor product Mandiant Intelligent Response\HX. First & foremost this sucks for both Crowdstrike & their customers - no one wants to see this happen.
0
0
3
🤡’s posting 🤡 stuff on LinkedIn has reached new levels of 🤡ing. That is all. Not gonna bite.
1
0
5
RT @Threatzman: ANNOUNCING general availability!!! Microsoft Defender for Endpoint streamlined connectivity consolidates service URLs and p….
learn.microsoft.com
Learn how to use a streamlined domain or static IP ranges during onboarding when connecting devices to Microsoft Defender for Endpoint.
0
37
0
RT @reprise_99: All the queries from the KQL book that we wrote are now available on the books official repo for you to explore and use. If….
github.com
Sample queries and data as part of the Microsoft Press book, The Definitive Guide to KQL - KQLMSPress/definitive-guide-kql
0
47
0
We're looking to rectify this entire page, especially the this paragraph. Updates to come. CC: @lawndoc.
@trk_rdy @NathanMcNulty @christruncer I assume this is the relevant piece? The thing I struggle with is even if it doesn't cause issues when blocking most of the time, it adds some guess-work to troubleshooting when something isn't working whether the ASR block is interfering when so many blocks are benign.
0
0
2
ASR & MDE reminder:. Devices with <ASR Rule, Rule State (Audit\Block)> and Cloud Block set to High configured WILL generate MDE alerts. Devices that DO NOT have <ASR Rule, Rule State (Audit\Block)> and Cloud Block set to High configured will NOT generate MDE alerts.
1
9
43