MS XDR and other security technologies (WIP)
#xdr
The following is for my own personal reference. I am busy learning a new security tech stack.
Most businesses use some combination of the following security solutions provided by Microsoft and Palo Alto Networks, and it helps to familiarise yourself with them.
Below are also some quick links to the relevant documentation pages for these tools.
Defender XDR (Extended Detection & Response)
- Defender XDR (Defender for Identity, Defender for Endpoint, Defender for Cloud Apps, Defender for Office 365)
Microsoft Defender XDR is a unified pre- and post-breach enterprise defence suite that natively coordinates detection, prevention, investigation, and response across endpoints, identities, email, and applications to provide integrated protection against sophisticated attacks.
Microsoft Defender XDR helps security teams protect their organisations and detect threats by using information from other Microsoft security products, including:
- Microsoft Defender for Endpoint
- Microsoft Defender for Office 365
- Microsoft Defender for Identity
- Microsoft Defender for Cloud Apps
- Microsoft Defender Vulnerability Management
- Microsoft Defender for Cloud
- Microsoft Entra ID Protection
- Microsoft Data Loss Prevention
- App Governance
- Microsoft Purview Insider Risk Management
- Microsoft Security Exposure Management
- Microsoft Sentinel, which now lives in the Defender XDR portal: https://learn.microsoft.com/en-us/azure/sentinel/microsoft-365-defender-sentinel-integration?tabs=defender-portal
- Entra ID, also Microsoft-based technology: https://learn.microsoft.com/en-us/entra/identity/
- GuardDuty and CloudTrail from AWS: https://docs.aws.amazon.com/guardduty/latest/ug/logging-using-cloudtrail.html
- Noname Security (high-level), an API security platform that ingests into Sentinel: https://oshezaf.github.io/sentinelninja/Solutions Docs/connectors/nonamesecuritymicrosoftsentinel.html
- PhishER, phishing simulations by KnowBe4: https://www.knowbe4.com/products/phisher-plus
- Flare CTEM, dark web monitoring solution: https://flare.io/dark-web-monitoring
- Cortex by Palo Alto Networks, AI-assisted SOC solution