AzUpdate Special Report: Microsoft Defender with Heike Ritter

Play AzUpdate Special Report: Microsoft Defender with Heike Ritter

The Discussion

  • User profile image
    Threat Hunting. I appreciate discussions such as these where practitioners show practical examples of how they have found usefulness of a particular tool.

    I am familiar with other vendors' products that can be used in a similar manner to perform threat hunting and investigations. I see a key difference in products as being not only the scope and depth of data available for query, but the ease with which queries can be made. More specifically, can the the queries be shaped in a natural language manner.

    I feel that I am better served with natural language queries than writing rules with arcane constructions. I would rather have an interaction that is something like, "Query available syslogs used by domain controllers in domain abc with a goal of correlating users and systems for which malicious code was received and either human users or machine-machine accounts logged on", instead of "Query, target: syslog , event type: malicious code, event type:user successful logon, event date range: 20201207-20201208"

    I would welcome your thoughts about natural language security queries.

    Thank you.

Add Your 2 Cents