Questions tagged [advanced-threat-protection]

10 questions
3
votes
0 answers

iOS Universal Links and Outlook SafeLinks Protection

I have universal links implemented, working fine. I send an email to a user, then iOS will open the app if it's installed, or it will go to my website if not. At which point, I use apache mod_rewrite to redirect to a page which gives information on…
2
votes
1 answer

Potential vulnerabilities in code generation tools

I'm working on building a code generation tool using JHipster. It gives prompts on CLI through which customer can choose and then required Java package for CRUD layer of the micro service gets generated. The code generator in pipeline builds the…
2
votes
1 answer

String Manipulation in KQL

How can you manipulate the output of a string in KQL? For example I have a query to find loggedon users for a specific group of devices and this is an output I received. I would only want Username to show in the output. DeviceInfo |where DeviceID==…
0
votes
0 answers

How to turn off Advanced Threat Protection and Security Center in Azure Portal

I have a project that I use for testing new things and I'm using the MSDN subscription, however most of it is used by ATP and Security Center. Is there any way for me to turn this off? My subscription gets disabled every month since it goes over…
0
votes
0 answers

How would you go about monitoring/alerting for one or more specific Windows OS API calls in an enterprise network?

I am trying to come up with a monitoring solution for MITRE ATT&CK Technique T1115 (Clipboard Data). The data can be retrieved via PowerShell (Get-Clipboard) or by using the Windows API (OpenClipboard() or GetClipboardData). Scriptblock logging will…
0
votes
1 answer

MISP to Microsoft Graph Security Script - Not working

Followed https://github.com/microsoftgraph/security-api-solutions/tree/master/Samples/MISP documentation, added MISP URL plus Token, Microsoft Graph API application tenant, APP ID and Token etc, but is not working when running the script. Just added…
0
votes
1 answer

How to pull Defender (Microsoft 365) reports from Exchange Online Protection

Under the email collaboration in Defender365, there are a set of reports that report things such as malware detected in emails, spam blocks, etc... that I'd like to pull that aren't available on the two APIs…
0
votes
1 answer

Advanced Threat Protection REST API Not Working

We are trying to get the Advanced Threat Protection status of several resources in Azure, in order to achieve this we find out this API Advanced Threat Protection REST API - Get. However when we attempt to use it we get the following error message…
0
votes
1 answer

Microsoft Advanced Hunting Query API works for some tables but not others in power BI

I am using the following API call in Power BI to access Advanced Hunting data from 365. https://api.securitycenter.windows.com/api/advancedqueries Using this API works with some tables but not others in Power BI. For example: DeviceEvents | limit 10…
0
votes
2 answers

ngrok blocked by Fortinet FortiGuard

I would like to use ngrok for Microsoft Teams app development but it's being blocked by our FortiGuard threat protection and I cannot create a tunnel with the standard command ngrok http 80. What do I tell our FortiGuard admin that needs to be…