Microsoft 365 Defender Blog articles

Microsoft 365 Defender Blog articles

https://techcommunity.microsoft.com/t5/microsoft-365-defender-blog/bg-p/MicrosoftThreatProtectionBlog

Microsoft 365 Defender Blog articles

New URL & domain pages in Microsoft 365 Defender

Published

New URL & domain pages in Microsoft 365 Defender

Want to easily investigate, take actions and pivot on URLs and domains? The new URL & domain pages will make it easier than ever. 

Try it out: URL - Microsoft 365 security

Or you can navigate through incidents, alerts, advanced hunting or by searching URL. 

 See all URL information in one placeSee all URL information in one place

 

Now you will be able to:

  • Get Domain details
    Lets you spot newly registered domains at a glance right within the page and side panel. In an investigation, newly registered domains may be a useful indicator for a suspicious domain.
  • See the URL verdict
    We’ve added a new tile that shows the Microsoft verdict for malicious URLs, indicating whether the URL is known to be bad and why (observed in phishing, malware etc.)
  • Pivot to Threat explorer
    Navigate in context to Threat explorer to hunt for emails containing this URL or domain.  
  • See related incidents
    Review incidents in your environment that involve this URL or domain. This will help correlate the URL to the attack(s) it was observed in.

List of incidents the URL was involved inList of incidents the URL was involved in

 

 

More experiences:


Pivot from the URL to related devices
In a typical investigation, you may want to pivot from the URL to other related entities to

 

Devices who had events with this URLDevices who had events with this URL

 

 

explore the scope of the attack. For example, the devices where the URL was observed may be the next thing you want to look at. The device list now shows more details about the device - such as its risk level, operating system and more – helping you prioritize the next investigation step.

To make the pivoting easier and more efficient, you can now pivot to the device timeline directly from this list, to the first or last event that involved this URL or domain. And most importantly, you can look for related devices 6 months back with one click?

 

 

New Domain (FQDN) page
Aggregates information from different observed URLs under the same fully qualified domain name into one page. You can navigate easily from any specific URL page to the related domain page, for a broader view across multiple URLs. Investigations can now make use of new aggregated data points such as the domain prevalence & incidents.

Example: Domain - Microsoft 365 security

 

New domain page – aggregated informationNew domain page – aggregated information

 

 

 

With these new features, you can now easily investigate URLs, pivot to connected devices, uplevel to investigating the domain in aggregate, and block the malicious entity.

 

See also:

Continue to website...

More from Microsoft 365 Defender Blog articles

Monthly news - April 2024

Monthly news - April 2024

12d

What’s new in Defender: How Copilot for Security can transform your SOC

What’s new in Defender: How Copilot for Security c ...

1m

Monthly news - March 2024

Monthly news - March 2024

1m

Monthly news - February 2024

Monthly news - February 2024

2m

Protect faster with Microsoft Defender XDR’s latest UX enhancements

Protect faster with Microsoft Defender XDR’s lates ...

2m

Introducing the new PowerShell Module for Microsoft Defender for Identity

Introducing the new PowerShell Module for Microsof ...

3m

Identity in focus: Exploring the new ITDR experience within Microsoft Defender

Identity in focus: Exploring the new ITDR experien ...

3m

Monthly news - January 2024

Monthly news - January 2024

3m

Securing AD CS: Microsoft Defender for Identity's Sensor Unveiled

Securing AD CS: Microsoft Defender for Identity's ...

4m

Microsoft Defender XDR unified role-based access control (RBAC) model is now generally available

Microsoft Defender XDR unified role-based access c ...

4m

Related Posts