Prior to shooting this video, we ran an Atomic Red Team test associated with "Scheduled Task". In this video, we examine the native alerting generated by that test, explaining where to find useful information in the Alert Story feature of Defender for Endpoint and how to triage alerts.

In this series of videos, we'll use a collection of Atomic Red Team tests to simulate some of the most prevalent Mitre ATT&CK Techniques in an environment protected by Windows Defender for Endpoint. We'll then demonstrate how you can triage native alerting, execute response actions, and and leverage Kusto queries in the Advanced Hunting console to investigate suspicious activity generate by the tests.
Viewers will learn how to:
- interpret and triage native alerting
- respond to alerts by executing simple response actions, like isolating an endpoint or initiating Live Response
- threat hunt and perform ad hoc investigations using Kusto queries and the advanced hunting console

You can watch the entire Red Canary Crash Course series here on YouTube or at [ Ссылка ]

As your security ally, Red Canary enables your team to focus on the highest priority security issues impacting your business. By removing your need to build and manage a threat detection operation, we help you focus on running your business securely and successfully. Our Security Operations Platform delivers threat detection, hunting, and response—driven by human expert analysis and guidance—applied across your endpoints, cloud, and network security.

свернуть