From 19adebc69ed736a58d90045e477b472f5d4b14e3 Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Fri, 13 Dec 2024 17:38:17 +0530 Subject: [PATCH 1/7] Implemented the updates as per the requirement --- defender-endpoint/professional-services.md | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/defender-endpoint/professional-services.md b/defender-endpoint/professional-services.md index 67fd8be917..2e4db5001b 100644 --- a/defender-endpoint/professional-services.md +++ b/defender-endpoint/professional-services.md 
@@ -42,11 +42,12 @@ Managed security services that assist organizations to detect threats early and |---|---|---| |[Microsoft Defender Experts](/defender-xdr/defender-experts-for-hunting)|Microsoft|Defender Experts for Hunting are a proactive threat hunting service for Microsoft Defender XDR.| |[Cloud Security Operations Center](https://go.microsoft.com/fwlink/?linkid=2202671)|glueckkanja-gab AG|Monitors your Microsoft Security Solutions 24/7, responds to threats on your behalf, and works closely with your IT to continuously improve your security posture.| +|[Cloud Security Operations Center](https://appsource.microsoft.com/en-us/marketplace/consulting-services/reply.csoc-reply?tab=Overview)| Reply|Discover managed security with Reply's Verified MXDR Service, expertly tailored to integrate and amplify your Microsoft 365 ecosystem and your Azure environment. From initial setup to advanced operational capabilities, Reply's 24/7 Security Monitoring, Threat Detection, Incident Response, and Penetration Testing services are the cornerstones of digital resilience.| |[Wortell Protect](https://go.microsoft.com/fwlink/?linkid=2202480)|Wortell|Wortell offers a 24.7.365 Managed Detection and Response service, SOC-as-a-service, to secure your Azure subscriptions and Microsoft 365 environment. With this managed service, Wortell provides security monitoring and incident response, and operate Microsoft Defender and (optionally) Microsoft Sentinel on your behalf. The service also includes threat intelligence feeds and custom machine learning models| |[CRITICALSTART® Managed Detection & Response Services for Microsoft Defender XDR](https://go.microsoft.com/fwlink/?linkid=2202761)|CRITICALSTART|Critical Start Managed Detection and Response (MDR) services for Microsoft Defender XDR (M365D) extends security defenses to provide cross-domain threat protection and simplify breach prevention. 
Their team of Microsoft security experts uses integration with M365D to detect, investigate, and respond with the right actions to alerts from identity, to email and cloud – before they disrupt business operations.| |[CRITICALSTART® Managed Detection & Response Services for Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2202844)|CRITICALSTART|Critical Start Managed Detection & Response (MDR) service for Microsoft Defender for Endpoint simplifies security across an expanded attack surface area. CRITICALSTART combines Microsoft's cross-enterprise visibility threat detection and auto investigation capabilities with optimized threat detection and response to deliver an 80% reduction in false positives on the first day of production monitoring.| |[InSpark Cloud Security Center](https://www.inspark.nl/oplossingen)|InSpark|InSparks' Cloud Security Center is a 24x7 Managed Security Solution including SOC services. It continuously provides your Microsoft cloud platform with the highest level of security.| -|[Mandiant MDR for Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2202388)|Mandiant, Inc.|Mandiant Managed Defense protects your business with a managed detection and response (MDR) service, fueled by dedicated and frontline experts who protect against motivated adversaries. With a combination of up-to-the-minute threat intelligence, data science, and real-world expertise, Managed Defense helps customers optimize investments in technology, maximize resources, and accelerate investigations.| +|[Mandiant MDR for Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2202388)|Mandiant, Inc.|Mandiant Managed Defense protects your business with a managed detection and response (MDR) service, fueled by dedicated and frontline experts who protect against motivated adversaries. 
With a combination of up-to-the-minute threat intelligence, data science, and real-world expertise, Managed Defense helps customers optimize investments in technology, maximize resources, and accelerate investigations.| |[Onevinn MDR](https://www.onevinn.com)|Onevinn|Onevinn MDR, Managed Detection and Response, built on Microsoft Defender and Microsoft Sentinel is a unified pre- and post-breach enterprise defense suite that natively coordinates detection, prevention, investigation, and response across endpoints, identities, email, and applications to provide integrated protection against sophisticated attacks.| |[SepagoSOC](https://go.microsoft.com/fwlink/?linkid=2202677)|Sepago GmbH|SepagoSOC experts ensure that your environment is constantly monitored and protected utilizing the complete range of Microsoft Defender XDR solutions and Microsoft Sentinel. They help you to constantly evolve your security landscape with both technical and organizational experience.| |[MDR for Microsoft](https://go.microsoft.com/fwlink/?linkid=2202762)|Red Canary|MDR for Microsoft provides 24x7 managed detection, investigation, and response to threats across your Microsoft environment.| 
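Review bot: the new Reply row in the `@@ -42,11 +42,12 @@` hunk is written in a different register from the rest of the table (second-person marketing copy: "Discover managed security...", "cornerstones of digital resilience") and is roughly twice the length of its neighbours; cut it to one or two sentences that say what the service does, in the style of the glueckkanja-gab and Red Canary rows. Two smaller points in the same row: the partner cell has a stray leading space (`| Reply|`), and the link is a direct, locale-pinned AppSource URL (`/en-us/...?tab=Overview`) while every other entry goes through a `go.microsoft.com/fwlink` redirect, so either request an fwlink or at least drop the `en-us` segment so the link follows the reader's locale. Finally, the removed and re-added Mandiant row reads identically in the `-` and `+` lines; if the only difference is trailing whitespace or a line ending, say so in the commit message, because "Implemented the updates as per the requirement" gives a reviewer nothing to check the change against.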
@@ -83,7 +84,7 @@ Respond to security incidents quickly, effectively and at scale with complete in |[Active Remediation](https://go.microsoft.com/fwlink/?linkid=)|Red Canary|Red Canary security experts respond to remediate threats on your endpoints, 24x7. Requires Red Canary MDR for Microsoft.| |[Onevinn DFIR](https://go.microsoft.com/fwlink/?linkid=2202584)|Onevinn|Onevinn DFIR, Digital Defense and Incident Response team, when you're having a breach and you need urgent assistance to gain back control of your IT Environment.| |[Cloud Security Operations Center](https://go.microsoft.com/fwlink/?linkid=2202671)|glueckkanja-gab AG|Monitors your Microsoft Security Solutions 24/7, respond to threats on your behalf and work closely with your IT to continuously improve your security posture.| -|[Wortell Protect](https://go.microsoft.com/fwlink/?linkid=2202480)|Wortell|Wortell offers a 24.7.365 Managed Detection and Response service, SOC-as-a-service, to secure your Azure subscriptions and Microsoft 365 environment. With this managed service, Wortell provides security monitoring and incident response, and operate Microsoft Defender and (optionally) Microsoft Sentinel on your behalf. The service also includes threat intelligence feeds and custom machine learning models| +|[Wortell Protect](https://go.microsoft.com/fwlink/?linkid=2202480)|Wortell|Wortell offers a 24.7.365 Managed Detection and Response service, SOC-as-a-service, to secure your Azure subscriptions and Microsoft 365 environment. With this managed service, Wortell provides security monitoring and incident response, and operate Microsoft Defender and (optionally) Microsoft Sentinel on your behalf. The service also includes threat intelligence feeds and custom machine learning models| |[InSpark Cloud Security Center](https://www.inspark.nl/oplossingen)|InSpark|InSparks' Cloud Security Center is a 24x7 Managed Security Solution including SOC services. 
It continuously provides your Microsoft cloud platform with the highest level of security.| |[Mandiant MDR for Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2202388)|Mandiant, Inc.|Mandiant Managed Defense protects your business with a managed detection and response (MDR) service fueled by dedicated and frontline IR experts who protect against motivated adversaries with a combination of up-to-the-minute threat intelligence, data science, and real-world expertise. Managed Defense helps customers optimize investments in technology, maximize resources, and accelerate investigations.| |[Onevinn MDR](https://www.onevinn.com)|Onevinn|Onevinn MDR, Managed Detection and Response, built on Microsoft Defender and Microsoft Sentinel is a unified pre- and post-breach enterprise defense suite that natively coordinates detection, prevention, investigation and response across endpoints, identities, email, and applications to provide integrated protection against sophisticated attacks.| 
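Review bot: the Wortell `-`/`+` pair in the `@@ -83,7 +84,7 @@` hunk is textually identical, so this is presumably a whitespace-only change; while the row is being touched, fix its grammar ("operate Microsoft Defender" should be "operates Microsoft Defender", the subject is Wortell) and add the terminating period that every other description in the table has. Two problems in this hunk's unchanged context also deserve a fix in the same PR: the Active Remediation link is `https://go.microsoft.com/fwlink/?linkid=` with no ID at all, which is a dead link on a published page, and the Mandiant row here ("fueled by dedicated and frontline IR experts who protect against motivated adversaries with a combination of...") has drifted from the copy of the same row at line 42 ("fueled by dedicated and frontline experts... With a combination of..."). Since the partner rows are maintained by hand in four tables on this page, pick one wording per partner and apply it everywhere.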
@@ -93,7 +94,7 @@ Respond to security incidents quickly, effectively and at scale with complete in |[Managed Security Services for Microsoft Defender Suite](https://go.microsoft.com/fwlink/?linkid=2202476)|Dell Technologies|Dell Technologies is a Global services delivery company with a distributed Security Operations Center that is available 24/7 to serve customers with security monitoring and management. Dell helps onboard customers and improve their security posture and offload the burden of hiring and managing a full security team while reaping the benefits of 24 hour detection and response.| |[CSIS Managed Detection & Response](https://go.microsoft.com/fwlink/?linkid=2202385)|CSIS|24/7 monitoring and analysis of security alerts giving companies actionable insights into what, when, and how security incidents occurred.| |[MDR for Endpoints](https://go.microsoft.com/fwlink/?linkid=2202676)|NTT Ltd.|Increase your cyber resilience with Managed Detection and Response (MDR) service. Combining 24/7 human & machine expertise, best-of-breed technologies, and global threat intelligence to detect and disrupt hard-to-find attacks, making you more secure.| -|[BlueVoyant MDR for Microsoft Defender XDR](https://www.bluevoyant.com/platform/mdr/mdr-for-microsoft)|BlueVoyant|BlueVoyant's MDR (Managed Detection and Response) for Microsoft Defender XDR combines the power of Microsoft's Defender product suite with BlueVoyant's elite 24x7 security operations team to identify, investigate, and eradicate today's most sophisticated and advanced cyberattacks. 
In addition to MDR, services can include implementation, assessments, training, concierge, solution integrations, and more.| +|[BlueVoyant MDR for Microsoft Defender XDR](https://www.bluevoyant.com/platform/mdr/mdr-for-microsoft)|BlueVoyant|BlueVoyant's MDR (Managed Detection and Response) for Microsoft Defender XDR combines the power of Microsoft's Defender product suite with BlueVoyant's elite 24x7 security operations team to identify, investigate, and eradicate today's most sophisticated and advanced cyberattacks. In addition to MDR, services can include implementation, assessments, training, concierge, solution integrations, and more.| |[White Hat Managed Security Services](https://go.microsoft.com/fwlink/?linkid=2202391)|White Hat IT Security|White Hat MSS offers Zero Trust approach to managed security on every platform – scalable and adaptive security from true experts.| |[eSentire Managed Detection and Response](https://go.microsoft.com/fwlink/?linkid=2202582)|eSentire|MDR you can trust that provides 24/7 threat investigations and responses via Microsoft Defender XDR suite.| |[Aujas Managed Security Services](https://go.microsoft.com/fwlink/?linkid=2202672)|Aujas Cybersecurity|Managed security services that assist organizations to detect threats early and help minimize the effects of a breach.| 
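Review bot: the BlueVoyant `-`/`+` lines in the `@@ -93,7 +94,7 @@` hunk are visually identical, and the same no-op change appears again at `@@ -126` and `@@ -155`; either drop these hunks or label them in the commit message as a whitespace or line-ending normalisation so reviewers do not have to compare two 400-character lines by eye. The surrounding context shows more copy drift between tables that should be resolved while here: the Dell row reads "Dell helps onboard customers..." in this table but "Help onboard customers..." in the table at line 127 (where "Help" has no subject), and Aujas says "minimize the effects of a breach" here versus "minimize the impact of a breach" at line 127.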
@@ -126,7 +127,7 @@ Protect your organization proactively by evaluating your organization's ability |[Security Operations & MDR](https://www.bdodigital.com/services/security-compliance)|BDO|BDO's Security Operations Center (SOC) provides continuous detection, protection, and response for organizations globally. BDO MDR is like having eyes where you don't. It's modern technology and experts make hunting, detecting, and responding one less thing to keep up with. Because they have eyes where we don't.| |[DXC Managed Endpoint Threat Detection and Response](https://go.microsoft.com/fwlink/?linkid=2202580)|DXC|DXC Managed Endpoint Threat Detection and Response gives your organization the capability to successfully detect and respond to threats in your environment. Powered by Microsoft's Defender for Endpoint and DXC Technology security experts with unparalleled knowledge of global threats,| |[Managed Security Services for Microsoft Defender Suite](https://go.microsoft.com/fwlink/?linkid=2202476)|Dell Technologies|Dell Technologies is a Global services delivery company with a distributed Security Operations Center that is available 24 by 7 to serve customers with security monitoring and management. Help onboard customers and improve their security posture and offload the burden of hiring and managing a full security team while reaping the benefits of 24 hour detection and response.| -|[BlueVoyant MDR for Microsoft Defender XDR](https://www.bluevoyant.com/platform/mdr/mdr-for-microsoft)|BlueVoyant|BlueVoyant's MDR (Managed Detection and Response) for Microsoft Defender XDR combines the power of Microsoft's Defender product suite with BlueVoyant's elite 24x7 security operations team to identify, investigate, and eradicate today's most sophisticated and advanced cyberattacks. 
In addition to MDR, services can include implementation, assessments, training, concierge, solution integrations, and more.| +|[BlueVoyant MDR for Microsoft Defender XDR](https://www.bluevoyant.com/platform/mdr/mdr-for-microsoft)|BlueVoyant|BlueVoyant's MDR (Managed Detection and Response) for Microsoft Defender XDR combines the power of Microsoft's Defender product suite with BlueVoyant's elite 24x7 security operations team to identify, investigate, and eradicate today's most sophisticated and advanced cyberattacks. In addition to MDR, services can include implementation, assessments, training, concierge, solution integrations, and more.| |[White Hat Managed Security Services](https://go.microsoft.com/fwlink/?linkid=2202391)|White Hat IT Security|White Hat MSS offers Zero Trust approach to managed security on every platform – scalable and adaptive security from true experts.| |[eSentire Managed Detection and Response](https://go.microsoft.com/fwlink/?linkid=2202582)|eSentire|MDR you can trust that provides 24/7 threat investigations and responses via Microsoft Defender XDR suite.| |[Aujas Managed Security Services](https://go.microsoft.com/fwlink/?linkid=2202672)|Aujas Cybersecurity|Managed security services that assist organizations to detect threats early and help minimize the impact of a breach.| 
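Review bot: two unchanged rows in the context of the `@@ -126,7 +127,7 @@` hunk (and repeated at `@@ -155`) contain errors that should be fixed alongside the BlueVoyant whitespace change: the BDO description has "It's modern technology and experts make..." where "Its" (possessive) is meant, and the sentence "Because they have eyes where we don't." switches from second to first person mid-row; the DXC description ends mid-sentence with a trailing comma ("...with unparalleled knowledge of global threats,"), so either complete the sentence or end it at "threats." Also "24 by 7" in the Dell row here versus "24/7" in the same row at line 94 is the same drift pattern noted elsewhere in this patch.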
@@ -155,7 +156,7 @@ Evolve your organization's security posture through improved processes and techn |[MDR for Microsoft](https://go.microsoft.com/fwlink/?linkid=2202762)|Red Canary|24x7 managed detection, investigation, and response to threats across your Microsoft environment.| |[Security Operations & MDR](https://www.bdodigital.com/services/security-compliance)|BDO|BDO's Security Operations Center (SOC) provides continuous detection, protection, and response for organizations globally. BDO MDR is like having eyes where you don't. It's modern technology and experts make hunting, detecting, and responding one less thing to keep up with. Because they have eyes where we don't.| |[DXC Managed Endpoint Threat Detection and Response](https://go.microsoft.com/fwlink/?linkid=2202580)|DXC|DXC Managed Endpoint Threat Detection and Response gives your organization the capability to successfully detect and respond to threats in your environment. Powered by Microsoft's Defender for Endpoint and DXC Technology security experts with unparalleled knowledge of global threats,| -|[BlueVoyant MDR for Microsoft Defender XDR](https://www.bluevoyant.com/platform/mdr/mdr-for-microsoft)|BlueVoyant|BlueVoyant's MDR (Managed Detection and Response) for Microsoft Defender XDR combines the power of Microsoft's Defender product suite with BlueVoyant's elite 24x7 security operations team to identify, investigate, and eradicate today's most sophisticated and advanced cyberattacks. In addition to MDR, services can include implementation, assessments, training, concierge, solution integrations, and more.| +|[BlueVoyant MDR for Microsoft Defender XDR](https://www.bluevoyant.com/platform/mdr/mdr-for-microsoft)|BlueVoyant|BlueVoyant's MDR (Managed Detection and Response) for Microsoft Defender XDR combines the power of Microsoft's Defender product suite with BlueVoyant's elite 24x7 security operations team to identify, investigate, and eradicate today's most sophisticated and advanced cyberattacks. 
In addition to MDR, services can include implementation, assessments, training, concierge, solution integrations, and more.| |[White Hat Managed Security Services](https://go.microsoft.com/fwlink/?linkid=2202391)|White Hat IT Security|White Hat MSS offers Zero Trust approach to managed security on every platform – scalable and adaptive security from true experts.| |[Taegis XDR](https://go.microsoft.com/fwlink/?linkid=2202848)|Secureworks|Taegis™ ManagedXDR is Secureworks® 24x7 managed detection and response service, which helps you detect advanced threats and take the right action. Included threat hunting and incident response capabilities help you scale your security operations as Secureworks uses threat data collected across thousands of customers to improve your security posture. Secureworks' combination of proprietary security analytics software, SecOps expertise, incident response and threat hunting experience, threat intelligence capabilities, and 20-year history of service excellence helps reduce risk to your business.| |[Cloud Control - Managed Detection & Response](https://go.microsoft.com/fwlink/?linkid=2202678)|The Collective|The Collective's Cloud Control Managed Protection, Detection, and Response solution is an enterprise grade managed service, delivering true Security Operations Center-as-a-Service (SOC) experience with a personal touch.| From b5801de238afbc73e809cf103aa217a01913cca4 Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Mon, 16 Dec 2024 11:45:13 +0530 Subject: [PATCH 2/7] Update professional-services.md --- defender-endpoint/professional-services.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/defender-endpoint/professional-services.md b/defender-endpoint/professional-services.md index 2e4db5001b..055044bcea 100644 --- a/defender-endpoint/professional-services.md +++ b/defender-endpoint/professional-services.md 
@@ -13,7 +13,7 @@ ms.collection: - tier3 ms.topic: conceptual search.appverid: met150 -ms.date: 10/10/2024 +ms.date: 12/16/2024 --- # Professional services supported by Microsoft Defender XDR From cca9853f849d2cee390b5816ae522a245d969f6a Mon Sep 17 00:00:00 2001 From: jalajchadha-ms <98305680+jalajchadha-ms@users.noreply.github.com> Date: Mon, 16 Dec 2024 13:06:10 +0530 Subject: [PATCH 3/7] Learn Editor: Update android-configure.md --- defender-endpoint/android-configure.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/defender-endpoint/android-configure.md b/defender-endpoint/android-configure.md index 74f0c26587..7f1f881e07 100644 --- a/defender-endpoint/android-configure.md +++ b/defender-endpoint/android-configure.md @@ -37,6 +37,8 @@ For more information about how to set up Defender for Endpoint on Android and Co > [!NOTE] > Defender for Endpoint on Android only supports creating custom indicators for IP addresses and URLs/domains. +> +> Also, alerts for custom indicators are currently not supported for Defender for Endpoint on Android. Defender for Endpoint on Android enables admins to configure custom indicators to support Android devices as well. For more information on how to configure custom indicators, see [Overview of indicators](indicators-overview.md). From 12fa74c69c979ab87ab756a49e178e0b3146633a Mon Sep 17 00:00:00 2001 From: jalajchadha-ms <98305680+jalajchadha-ms@users.noreply.github.com> Date: Mon, 16 Dec 2024 13:07:34 +0530 Subject: [PATCH 4/7] Learn Editor: Update android-configure.md From d88c82b1f4b529f11f1773744c2e06027696cf3d Mon Sep 17 00:00:00 2001 From: schmurky Date: Mon, 16 Dec 2024 17:31:27 +0000 Subject: [PATCH 5/7] Added MDC in desc --- defender-xdr/advanced-hunting-cloudprocessevents-table.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/defender-xdr/advanced-hunting-cloudprocessevents-table.md b/defender-xdr/advanced-hunting-cloudprocessevents-table.md index 2c89bc4fca..f633db125b 100644 
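Review bot: the sentence added to the `android-configure.md` note in PATCH 3/7 says alerts are not raised for custom indicators on Android, but not what does happen when an indicator matches; an admin configuring block indicators needs to know whether the block still takes effect silently or whether the indicator is ignored entirely on Android, so state the enforcement behaviour next to the missing alert. Also replace "currently" with either a date or nothing, because "currently" in a published doc has no reference point and will be wrong without anyone noticing when the limitation is lifted. Separately, PATCH 4/7 ("Learn Editor: Update android-configure.md") carries no diff at all; squash it into 3/7 before merge.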
--- a/defender-xdr/advanced-hunting-cloudprocessevents-table.md +++ b/defender-xdr/advanced-hunting-cloudprocessevents-table.md @@ -28,7 +28,7 @@ ms.date: 11/11/2024 **Applies to:** - Microsoft Defender XDR -The `CloudProcessEvents` table in the [advanced hunting](advanced-hunting-overview.md) schema contains information about process events in multicloud hosted environments such as Azure Kubernetes Service, Amazon Elastic Kubernetes Service, and Google Kubernetes Engine. Use this reference to construct queries that return information from this table. +The `CloudProcessEvents` table in the [advanced hunting](advanced-hunting-overview.md) schema contains information about process events in multicloud hosted environments such as Azure Kubernetes Service, Amazon Elastic Kubernetes Service, and Google Kubernetes Engine as protected by the organization's [Microsoft Defender for Cloud](/azure/defender-for-cloud/concept-integration-365#advanced-hunting-in-xdr). Use this reference to construct queries that return information from this table. > [!IMPORTANT] > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. From 34018838f0cf82e20842a46658801b144a05f46e Mon Sep 17 00:00:00 2001 From: Ruchika Mittal Date: Mon, 16 Dec 2024 23:25:06 +0530 Subject: [PATCH 6/7] acro fix --- defender-xdr/advanced-hunting-cloudprocessevents-table.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/defender-xdr/advanced-hunting-cloudprocessevents-table.md b/defender-xdr/advanced-hunting-cloudprocessevents-table.md index f633db125b..7091c4d979 100644 --- a/defender-xdr/advanced-hunting-cloudprocessevents-table.md +++ b/defender-xdr/advanced-hunting-cloudprocessevents-table.md 
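Review bot: "as protected by the organization's Microsoft Defender for Cloud" in the rewritten `CloudProcessEvents` description reads awkwardly and buries the prerequisite at the end of an already long sentence; rephrase as "...Google Kubernetes Engine that are protected by Microsoft Defender for Cloud" and, if the intent of the change is that the table only populates for resources onboarded to Defender for Cloud, say that directly in its own sentence so a hunter looking at an empty result set knows why. Keep the link to the `advanced-hunting-in-xdr` anchor; that is the useful part of the addition.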
@@ -41,7 +41,7 @@ For information on other tables in the advanced hunting schema, [see the advance | `AzureResourceId` | `string` | Unique identifier of the Azure resource associated with the process | | `AwsResourceName` | `string` | Unique identifier specific to Amazon Web Services devices, containing the Amazon resource name| | `GcpFullResourceName` | `string` | Unique identifier specific to Google Cloud Platform devices, containing a combination of zone and ID for GCP | -| `ContainerImageName` | `string` | UThe container image name or ID, if it exists | +| `ContainerImageName` | `string` | The container image name or ID, if it exists | | `KubernetesNamespace` | `string` | The Kubernetes namespace name | | `KubernetesPodName` | `string` | The Kubernetes pod name | | `KubernetesResource` | `string` | Identifier value that includes namespace, resource type and name | @@ -76,7 +76,7 @@ To hunt for process events including a given term (represented by "x" in the que CloudProcessEvents | where ProcessCommandLine has "x" ``` -### Rare process events for a pod in a Kuberentes cluster +### Rare process events for a pod in a Kubernetes cluster To investigate unusual process events invoked as part of a pod in a Kubernetes cluster: ```kusto From 355df8bf915e00e0a01315576b5d4677ad23bef3 Mon Sep 17 00:00:00 2001 From: Ruchika Mittal Date: Mon, 16 Dec 2024 23:29:15 +0530 Subject: [PATCH 7/7] pencil edit --- defender-xdr/advanced-hunting-cloudprocessevents-table.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/defender-xdr/advanced-hunting-cloudprocessevents-table.md b/defender-xdr/advanced-hunting-cloudprocessevents-table.md index 7091c4d979..c565bd13cf 100644 --- a/defender-xdr/advanced-hunting-cloudprocessevents-table.md +++ b/defender-xdr/advanced-hunting-cloudprocessevents-table.md 
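Review bot: the `UThe` fix in the `@@ -41,7 +41,7 @@` hunk is correct, but the three cloud-identifier descriptions in the same row block are inconsistent: `AzureResourceId` refers to "the Azure resource", whereas `AwsResourceName` and `GcpFullResourceName` say "specific to Amazon Web Services devices" and "Google Cloud Platform devices"; these rows identify cluster and container resources, not devices, so use "resource" in all three. `ContainerImageName` says "name or ID" without indicating which form a query should expect; if the value can be an image digest rather than a tagged name, say so, because a `has` match on a tag will miss digest-form values.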
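Review bot: the "Kuberentes" heading fix in the `@@ -76,7 +76,7 @@` hunk is fine; one point on the unchanged query just above it: the text says `CloudProcessEvents | where ProcessCommandLine has "x"` hunts for "a given term", but Kusto `has` matches whole indexed terms only, so a fragment of a path or an argument that is not a complete term will not match. Either note that `has` is term-based or show `contains` as the alternative when the hunter needs a substring match.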
@@ -33,7 +33,7 @@ The `CloudProcessEvents` table in the [advanced hunting](advanced-hunting-overvi > [!IMPORTANT] > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. -For information on other tables in the advanced hunting schema, [see the advanced hunting reference](advanced-hunting-schema-tables.md). +For information on other tables in the advanced hunting schema, see the [advanced hunting reference](advanced-hunting-schema-tables.md). | Column name | Data type | Description | |-------------|-----------|-------------|