Modern Management Summit 2026 (MEMSummit): M365 Defender - Custom detections, everything you need to know (61-page slide deck, 2026)
Custom Detections - Everything you need to know
Defender Boys: Mattias Borg, Stefan Schörling

Sponsors
(These slides have been fixed to avoid pictures covering content when printing to PDF.)

Speaker: Michael Scott
Microsoft MVP Endpoint & Security
Role: Manager
Focus: Intune, Windows 365, Security
Blog, hobbies and more: Being awesome

Speaker: Stefan Schörling (SA7STE)
Microsoft MVP Security, SIEM & XDR
Role: 01000011 01010100 01001111 (ASCII for "CTO"), Onevinn
Focus: Security & SIGINT
Blog, hobbies and more: blog.sec-, Security/Intelligence, Padel

Speaker: Mattias Borg
Microsoft MVP Security, SIEM & XDR
Role: Magician, DFIR, Offensive, Onevinn
Focus: Cyber Security & Research
Blog, hobbies and more: Write stuff, Build stuff, Break stuff, Paint stuff

Agenda
- Why do we need custom detections
- Custom Detections: Core and Building Blocks
- Use-cases
- Wrap up and summary
- Go home and build your own Custom Detections
- Tool release (for Red and Blue)

Why do we need custom detections?
"I bought a tool, now I can sit back and relax" ... or maybe not.

Tasks and detections: Proactive Threat Hunting vs. Custom Detections
- Detect bad things
- Find the hidden
- Proactive Threat Hunting: query-based data review, daily/weekly
- Custom Detections: known bad or suspicious, use-case driven, hypothesis driven

MITRE ATT&CK: https://attack.mitre.org
DEMO: MITRE ATT&CK and Threat Analytics

Why custom detections
Reason 1: Tailored threat detections for unique environments
- Network architecture
- Directory services
- Home brewed applications
- Tiering models
Reason 2: Early threat detections
- Newly discovered attack vectors
- Vulnerabilities
- Behavioral analysis
Threat Intel
- Threat Intel providers
- In-house Threat Intel
- Shared Threat Intel in open and closed communities

Developing Use-Cases: core building pieces
Components:
- Aggregated data
- Well-defined description
- Data sources
- Logic
- Threat Intelligence
- P