How to Triage and Investigate LSASS Memory Alerts in Microsoft Defender
Prior to shooting this video, we ran an Atomic Red Team test that uses “rundll32” to run a command that dumps LSASS memory into a file. In this video, we examine the native alerting generated by that test, explaining where to find useful information in the Alert Story feature of Defender for Endpoint and how to triage alerts.
In the Red Canary Crash Course, we'll use a collection of Atomic Red Team tests to simulate some of the most prevalent MITRE ATT&CK® techniques in an environment protected by Microsoft Defender for Endpoint. We'll then demonstrate how you can triage native alerting, execute response actions, and leverage Kusto queries in the Advanced Hunting console to investigate suspicious activity associated with the tests.
Viewers will learn how to:
- interpret and triage native alerting
- respond to alerts by executing simple response actions, like isolating an endpoint or initiating Live Response
- threat hunt and perform ad hoc investigations using Kusto queries and the advanced hunting console
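The LSASS dump performed by the test in this video (rundll32.exe loading comsvcs.dll and calling its MiniDump export) leaves a distinctive process-creation record, and one way to hunt for it in the Advanced Hunting console is the Kusto query below. This is an added example for this description, not a query from the video or from Red Canary. It assumes the standard DeviceProcessEvents schema; the 7-day window and the projected columns are choices made for this example, and the second clause covers the case where the export is called by ordinal (#24 is the ordinal of MiniDump in comsvcs.dll) rather than by name, which a simple "MiniDump" string match would miss.

```kql
// Added example: hunt for rundll32.exe invoking comsvcs.dll MiniDump to dump LSASS.
// Assumes the standard DeviceProcessEvents table in Microsoft Defender Advanced Hunting.
DeviceProcessEvents
| where Timestamp > ago(7d)                      // lookback window chosen for this example
| where FileName =~ "rundll32.exe"
// comsvcs.dll export called by name ("MiniDump") or by ordinal ("#24"); "has" is case-insensitive
| where ProcessCommandLine has "comsvcs"
    and (ProcessCommandLine has "MiniDump"
         or ProcessCommandLine matches regex @"(?i)comsvcs\.dll\s*,?\s*#\s*24\b")
| project Timestamp, DeviceName, AccountName,
          ProcessCommandLine,                    // shows the target PID and the output .dmp path
          InitiatingProcessFileName, InitiatingProcessCommandLine,
          InitiatingProcessParentFileName,       // parent chain helps decide whether this is admin tooling or an intrusion
          DeviceId, ReportId                     // ReportId + DeviceId let you pivot to the related alert
| order by Timestamp desc
```

When triaging a hit, the InitiatingProcess columns are the most useful: a dump launched from an interactive PowerShell session by a known operator (as in the Atomic Red Team test) reads very differently from one spawned by an Office process, a web shell, or a scheduled task. The output path in ProcessCommandLine is also worth recording, since the .dmp file itself is an artifact you may want to collect or delete with Live Response.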
You can watch the entire Red Canary Crash Course series here on YouTube or at [ link ]
As your security ally, Red Canary enables your team to focus on the highest priority security issues impacting your business. By removing your need to build and manage a threat detection operation, we help you focus on running your business securely and successfully. Our Security Operations Platform delivers threat detection, hunting, and response—driven by human expert analysis and guidance—applied across your endpoints, cloud, and network security.
#MicrosoftSecurity | #RedCanary | #ThreatHunting