Shadow Workflows
Rich Mozeleski
The Shadow Workflows capability will provide detection of, and response to, the most common post-compromise malicious activities. These activities include:
- Malicious inbox rule creation (we are completely revamping how we detect malicious inbox rules as part of this effort)
- Malicious phishing campaigns: At a minimum, we will detect and generate an incident report when a mailbox is responsible for a malicious phishing campaign.
- Data exfiltration: At a minimum, we will detect malicious file downloads from the Microsoft ecosystem.
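The two detections the post describes most concretely, malicious inbox rules and bulk file downloads from the Microsoft ecosystem, as an added example that is not code from the original post or from the product it describes. It runs over constructed Microsoft 365 Unified Audit Log records whose shape follows the log's common fields (CreationTime, Operation, UserId, Workload, and Parameters as a list of Name/Value pairs); the tenant domain contoso.com, the download threshold and window, and the sample records themselves are assumptions made for the example.

```python
# Added example, not code from the original post or the product it describes:
# a minimal detector for two behaviours the post lists (malicious inbox rules,
# bulk file downloads), run over constructed Microsoft 365 Unified Audit Log
# records. Assumed, not from the page: the tenant domain contoso.com, the
# download threshold/window, and the sample records, which are constructed but
# follow the Unified Audit Log's common fields (CreationTime, Operation, UserId,
# Workload, Parameters as a list of {"Name", "Value"} pairs).
from collections import defaultdict
from datetime import datetime, timedelta

INTERNAL_DOMAINS = {"contoso.com"}   # assumed tenant-owned domains
RULE_OPERATIONS = {"New-InboxRule", "Set-InboxRule"}
FORWARD_PARAMS = ("ForwardTo", "ForwardAsAttachmentTo", "RedirectTo")
HIDING_FOLDERS = {"rss subscriptions", "rss feeds", "archive", "conversation history"}
SENSITIVE_WORDS = ("invoice", "payment", "wire", "password", "mfa")
DOWNLOAD_THRESHOLD = 25              # assumed: FileDownloaded events per user per window
DOWNLOAD_WINDOW = timedelta(minutes=10)


def _params(record):
    """Flatten the cmdlet parameter list an Exchange audit record carries."""
    return {p["Name"]: p["Value"] for p in record.get("Parameters", [])}


def _truthy(value):
    return str(value).lower() in {"true", "$true", "1"}


def _external_recipients(value):
    """Split a ';'-joined recipient value, strip 'smtp:', keep non-tenant addresses."""
    hits = []
    for addr in str(value).lower().split(";"):
        addr = addr.strip().removeprefix("smtp:")
        if "@" in addr and addr.rsplit("@", 1)[1] not in INTERNAL_DOMAINS:
            hits.append(addr)
    return hits


def check_inbox_rule(record):
    """Reasons a rule change looks malicious, or [] if it does not.

    Flag on any forward/redirect outside the tenant, or on a hiding action
    (delete, or move to a rarely-viewed folder) combined with another sign of
    tampering: a keyword condition on financial/credential mail, marking mail
    as read, or a throwaway one- or two-character rule name.
    """
    if record.get("Operation") not in RULE_OPERATIONS:
        return []
    p = _params(record)
    exfil, hide, context = [], [], []
    for name in FORWARD_PARAMS:
        ext = _external_recipients(p[name]) if name in p else []
        if ext:
            exfil.append(f"{name} to external {', '.join(ext)}")
    if _truthy(p.get("DeleteMessage", False)):
        hide.append("DeleteMessage enabled")
    if str(p.get("MoveToFolder", "")).lower() in HIDING_FOLDERS:
        hide.append(f"MoveToFolder {p['MoveToFolder']!r}")
    conditions = " ".join(str(p.get(k, "")) for k in (
        "SubjectContainsWords", "BodyContainsWords", "SubjectOrBodyContainsWords")).lower()
    if any(w in conditions for w in SENSITIVE_WORDS):
        context.append("condition targets financial/credential mail")
    if _truthy(p.get("MarkAsRead", False)):
        context.append("MarkAsRead enabled")
    if "Name" in p and len(str(p["Name"]).strip()) <= 2:   # only New-InboxRule carries Name
        context.append(f"throwaway rule name {p['Name']!r}")
    return exfil + hide + context if exfil or (hide and context) else []


def check_bulk_downloads(records):
    """Users whose SharePoint/OneDrive FileDownloaded count exceeds the threshold in any window."""
    by_user = defaultdict(list)
    for r in records:
        if r.get("Operation") == "FileDownloaded" and r.get("Workload") in {"SharePoint", "OneDrive"}:
            by_user[r["UserId"]].append(datetime.fromisoformat(r["CreationTime"]))
    findings = []
    for user, times in by_user.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):          # sliding window over sorted timestamps
            while t - times[start] > DOWNLOAD_WINDOW:
                start += 1
            if end - start + 1 >= DOWNLOAD_THRESHOLD:
                findings.append({"user": user, "type": "bulk_download",
                                 "reasons": [f"{end - start + 1} downloads within {DOWNLOAD_WINDOW}"]})
                break
    return findings


def run_detections(records):
    findings = []
    for r in records:
        reasons = check_inbox_rule(r)
        if reasons:
            findings.append({"user": r["UserId"], "type": "inbox_rule", "reasons": reasons})
    return findings + check_bulk_downloads(records)


T0 = datetime(2024, 5, 1, 12, 0, 0)


def _record(op, user, when, workload="Exchange", **extra):
    return {"CreationTime": when.isoformat(), "Operation": op, "UserId": user,
            "Workload": workload, "ClientIP": "203.0.113.10", **extra}


def build_sample_log():
    """Constructed records: one exfil rule, one benign rule, one hiding rule, one bulk download."""
    recs = [
        _record("New-InboxRule", "bob@contoso.com", T0, Parameters=[
            {"Name": "Name", "Value": "."},
            {"Name": "ForwardTo", "Value": "smtp:drop@mail.example.net"},
            {"Name": "SubjectContainsWords", "Value": "invoice;payment"}]),
        _record("New-InboxRule", "alice@contoso.com", T0 + timedelta(minutes=1), Parameters=[
            {"Name": "Name", "Value": "Newsletters"},
            {"Name": "MoveToFolder", "Value": "Newsletters"},
            {"Name": "FromAddressContainsWords", "Value": "news@vendor.example.com"}]),
        _record("Set-InboxRule", "carol@contoso.com", T0 + timedelta(minutes=2), Parameters=[
            {"Name": "Identity", "Value": "a"},
            {"Name": "MoveToFolder", "Value": "RSS Subscriptions"},
            {"Name": "MarkAsRead", "Value": "True"},
            {"Name": "SubjectOrBodyContainsWords", "Value": "password reset;MFA"}]),
    ]
    for i in range(40):   # 40 downloads in ~3 minutes from one finance site
        recs.append(_record("FileDownloaded", "mallory@contoso.com", T0 + timedelta(seconds=5 * i),
                            "SharePoint", ObjectId=f"https://contoso.sharepoint.com/sites/finance/doc{i}.xlsx"))
    for i in range(3):    # 3 downloads spread over 40 minutes: normal use
        recs.append(_record("FileDownloaded", "alice@contoso.com", T0 + timedelta(minutes=20 * i),
                            "OneDrive", ObjectId=f"https://contoso-my.sharepoint.com/personal/alice/file{i}.docx"))
    return recs


if __name__ == "__main__":
    for f in run_detections(build_sample_log()):
        print(f["type"], f["user"], "; ".join(f["reasons"]))
```

The inbox-rule check requires a hiding action plus a second indicator before alerting, so an ordinary "move newsletters to a folder" rule passes while a rule that parks password-reset mail in RSS Subscriptions and marks it read does not; an external forward is flagged on its own because there is rarely a benign reason to create one without admin involvement. The bulk-download check uses a sliding window rather than a fixed per-hour bucket so a burst straddling a boundary is still counted.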
Cameron Granger
open
Rich Mozeleski
Merged in a post:
Microsoft Expanded Cloud Log Implementation Playbook
Scott Brewster
CISA released its playbook for Microsoft expanded log collection. Please update ITDR to be able to ingest the logs. You can find this playbook here:
Rich Mozeleski
in progress