kdadb.blogg.se

Microsoft antimalware azure

This can be done with other solutions as well, so don't feel the need to use only Azure Sentinel. Once we have done that, we will show some examples with Azure Sentinel, which we will use to create the custom alerts.

We will start by showing real cases of adversaries working their way around Windows Defender. In this blog post, we are going to explain why it is relevant to keep an eye on your Windows Defender AV logs, and how to use the telemetry to create custom alerts. Windows Defender is the traditional out-of-the-box antivirus for a Windows machine. It is not to be confused with the EDR solution called "Defender for Endpoint". Today we are going to talk about our good old friend, better known as Windows Defender AV.














