September 2024 Microsoft & Security NL meetup


Details
17.00 - 18.00 Walk-in & food
18.00 - 19.00 Olaf Hartong - Lessons learnt from crowdsourcing blackbox Microsoft Defender coverage
As a detection engineer, there is a lot of value in understanding the strengths and weaknesses of your tools. One of the things I wanted to know is how well Defender covers certain attacks, how that maps to ATT&CK and whether that is really accurate. For many reasons these details are not publicly available, so I decided to crowdsource this information. After talking to many trusted parties I've aggregated information on observed detections in over 1000 unique environments. I will share my insights and some opinions on how certain detections are mapped, how realistic it is and what value an overview like this has to a user of these platforms.
19.00 - 19.15 Break
19.15 - 20.15 Gianni Castaldi - Creating exceptional security detections within Your Microsoft Security stack
In this session we learn the fundamental concepts of detection engineering and receive guidance on creating the best detections in your Microsoft Security stack.
20.15 - 20.45 Pub quiz & drinks
20.45 - 21.30 Drinks and end
