Example of Microsoft Defender ATP integrations

image

I received a incident warning from my Microsoft Defender ATP recently. Turns out that I had downloaded a phishing PDF attachment to see where it was trying to point me. I was careful, and check it closely before downloading. However, Defender ATP also picked up the fact that I had downloaded it jumped into action.

I was curious to see how it had detected it as a threat, as the PDF file itself was harmless, just that the link it contained, and tried to get you to click on, took you to a fake Microsoft 365 login page. Turns out that Defender ATP also uses third party indicators like Virus Total as highlighted above.

image

When I clicked on the link Defender ATP provided it took me the Virus Total site as shown above. Here you can see that the file was detected as phishing by four common engines.

The more you look at Defender ATP the more extensive it is. If you haven’t taken a look at everything it can do I strongly encourage you to do so.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s