Microsoft 365 Defender uses various techniques based on machine learning for detecting malicious activities, and will in many cases trigger an alert when there is clear evidence of an attack. Nevertheless, security analysts from the baseVISION SOC should continue to proactively hunt for suspicious activities.
Threat hunting is an active cyber defense activity. It is the process of proactively and iteratively searching through networks to detect and isolate advanced threats that evade existing security solutions.
Advanced hunting in Microsoft Sentinel is a query-based threat-hunting tool that lets security analysts explore raw data within the Log Analytics workspace for as long as the configured retention period keeps it. Security analysts can use it to proactively identify events on endpoints. Flexible access to the data enables wide-ranging searches for known anomalies and for threats defined by the customer.
With the Advanced Threat Hunting service, our Security Operations Center team provides the following:
Periodic threat hunting for a defined list of MITRE ATT&CK techniques across Microsoft 365 Defender data within Microsoft Sentinel.
Updates to hunting queries to reduce false positives
Summary of threat hunting results
Notification of the customer security team when potential threats are identified that require further investigation.
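As an added illustration of the kind of query an analyst runs in this service (example code written for this page, not one of baseVISION's own hunting queries): it hunts one MITRE ATT&CK technique, T1059.001 (PowerShell), by looking for encoded command lines in Microsoft 365 Defender endpoint data. It assumes the Microsoft 365 Defender connector populates the DeviceProcessEvents table in the Sentinel workspace; the parent-process allow-list names are placeholders that a customer would replace with their own known-good tooling, which is the false-positive tuning the service list above refers to.

```kql
// Added example hunting query (not a baseVISION query).
// Assumes: Microsoft 365 Defender connector -> DeviceProcessEvents in the workspace.
// Hunts MITRE ATT&CK T1059.001 (PowerShell) via encoded command lines (-e / -enc / -EncodedCommand).
let lookback = 7d;
// Placeholder allow-list of parent processes that legitimately launch encoded PowerShell
// in this environment; tune per customer to cut false positives.
let knownGoodParents = dynamic(["placeholder-mgmt-agent.exe", "placeholder-monitoring.exe"]);
// PowerShell accepts any unambiguous prefix of -EncodedCommand, so match -e followed by
// up to 13 letters and then a base64 blob of at least 20 characters.
let encodedSwitch = @"(?i)\s-e[a-z]{0,13}\s+([A-Za-z0-9+/=]{20,})";
DeviceProcessEvents
| where TimeGenerated > ago(lookback)
| where FileName in~ ("powershell.exe", "pwsh.exe")
| where ProcessCommandLine matches regex encodedSwitch
| where InitiatingProcessFileName !in~ (knownGoodParents)
| extend EncodedPayload = extract(encodedSwitch, 1, ProcessCommandLine)
// The payload is UTF-16LE text, so the decoded string shows interleaved null bytes;
// it is still readable enough to triage what the script tries to do.
| extend DecodedPayload = base64_decode_tostring(EncodedPayload)
| summarize
    Count = count(),
    FirstSeen = min(TimeGenerated),
    LastSeen = max(TimeGenerated),
    SampleCommandLine = any(ProcessCommandLine),
    SampleDecoded = any(DecodedPayload)
    by DeviceName, AccountName, InitiatingProcessFileName, InitiatingProcessCommandLine
// Rare parent/device/account combinations surface first; bulk scripted use sinks to the bottom.
| order by Count asc
```

Each hunting cycle, hits that turn out to be legitimate administration are folded into the allow-list or an additional exclusion, and anything unexplained is handed to the customer security team for investigation, as described in the service list above.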
With this SOC service, our security analysts support your organization in improving its overall security posture. The most important benefits are the following:
Proactively uncovers hidden security incidents
Provides findings that inform security measures in your infrastructure
Reduces business risk through early detection and elimination of threats
Provides visibility into deviations and anomalies for your security analysts