deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-24 14:53:44 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

addressed flagged Acrolinx items

Browse Source
This commit is contained in:
Dulce Montemayor
2020-06-22 15:56:02 -07:00
committed by GitHub
parent 42cfd81b88
commit d41e4a0242
1 changed files with 5 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
windows/security/threat-protection/microsoft-defender-atp/configure-microsoft-threat-experts.md
View File

@ -105,17 +105,17 @@ You can partner with Microsoft Threat Experts who can be engaged directly from w
**Alert information**
- We see a new type of alert for a living-off-the-land binary: [AlertID]. Can you tell us something more about this alert and how we can investigate further?
- Weve observed two similar attacks which try to execute malicious PowerShell scripts but generate different alerts. One is "Suspicious Powershell command line" and the other is "A malicious file was detected based on indication provided by O365". What is the difference?
- Weve observed two similar attacks, which try to execute malicious PowerShell scripts but generate different alerts. One is "Suspicious Powershell command line" and the other is "A malicious file was detected based on indication provided by O365". What is the difference?
- I receive an odd alert today for abnormal number of failed logins from a high profile users device. I cannot find any further evidence around these sign-in attempts. How can Microsoft Defender ATP see these attempts? What type of sign-ins are being monitored?
- Can you give more context or insights about this alert: “Suspicious behavior by a system utility was observed”.
**Possible machine compromise**
- Can you help answer why we see “Unknown process observed?” This is seen quite frequently on many machines. We appreciate any input to clarify whether this is related to malicious activity.
- Can you help answer why we see “Unknown process observed?” This message or alert is seen quite frequently on many machines. We appreciate any input to clarify whether this message or alert is related to malicious activity.
- Can you help validate a possible compromise on the following system on [date] with similar behaviors as the previous [malware name] malware detection on the same system in [month]?
**Threat intelligence details**
- This morning, we detected a phishing email that delivered a malicious Word document to a user. This caused a series of suspicious events which triggered multiple Microsoft Defender alerts for [malware name] malware. Do you have any information on this malware? If yes, can you send me a link?
- I recently saw a [social media reference e.g., Twitter or blog] post about a threat that is targeting my industry. Can you help me understand what protection Microsoft Defender ATP provides against this threat actor?
- This morning, we detected a phishing email that delivered a malicious Word document to a user. This caused a series of suspicious events, which triggered multiple Microsoft Defender alerts for [malware name] malware. Do you have any information on this malware? If yes, can you send me a link?
- I recently saw a [social media reference, for example, Twitter or blog] post about a threat that is targeting my industry. Can you help me understand what protection Microsoft Defender ATP provides against this threat actor?
**Microsoft Threat Experts alert communications**
- Can your incident response team help us address the targeted attack notification that we got?
@ -134,7 +134,7 @@ Response from Microsoft Threat Experts varies according to your inquiry. They wi
- Investigation requires more time
- Initial information was enough to conclude the investigation
It is crucial to respond in a timely manner to keep the investigation moving.
It is crucial to respond in quickly to keep the investigation moving.
## Related topic
- [Microsoft Threat Experts overview](microsoft-threat-experts.md)