Using Defender for Endpoint for Deep Ransomware Investigation

  • Published: 9 Feb 2025

Comments • 5

  • @kashifhasnain5458
    @kashifhasnain5458 2 years ago +1

    Well explained on investigation. Keep up the good work.

  • @indiramourya2406
    @indiramourya2406 2 years ago +2

    Excellent video. Thank you for uploading.

  • @GregThomson
    @GregThomson 2 years ago +2

    Excellent video. Nice hands-on, actionable learning.

  • @tandasherman1360
    @tandasherman1360 a year ago +1

    Awesome video!!

  • @RichardGailey
    @RichardGailey 3 years ago +3

    That was one of the best deep dives into what to do and how to react to certain alerts raised in Defender.
    Really liked the way that you did this.
    Regarding the IP addresses that were found in the Deep Analysis results: would these be good examples of addresses that you could create a KQL query for, to add these IPs as IOCs for future events for all machines in the environment?
    Will you be doing a video on creating KQL queries in Azure and Defender (as the syntax differs) and, most importantly, how to create an alert for the SOC team should any value be found in a query that you have created?
    One of the main issues that I am having at the moment is trying to create alerts from queries that I have found online, and also trying to figure out how to get an action to run when an alert is triggered, like isolating the device instantly if a severe issue is found at 03:00hrs and we don't have a 24hr SOC.
    Liked and subbed. Awesome video.