Microsoft Defender for Endpoint - Super Deep Dive


Details
Session 1:
Protect your endpoint from known C2 Feodo servers with MDE
Extend the alerting and protection capabilities of Microsoft Defender for Endpoint using external data sources.
In this showcase, Fabian Bader will demonstrate how easily you can tap into open-source threat intelligence and use it to protect your endpoints.
The Feodo Tracker project (https://feodotracker.abuse.ch/), which tracks active Emotet C2 servers around the globe, is used as an example.
Speaker: Fabian Bader - https://twitter.com/fabian_bader
Session 2:
Defender for Endpoint - performance, secrets & best practices
Defender for Endpoint, formerly known as Defender AV, has come a long way in the last few years. Still, it has its quirks, especially when used in an enterprise environment. I want to address some questions that we keep hearing over the years, such as:
Where are the logs?
How can we measure performance?
Wait, there's a command line?
Maybe I can show you a thing or two about things that happen "under the hood".
And perhaps you have some experience or tips you want to share as well? Let's make this an interactive session and share interesting things, feedback and best practices.
Speaker: Fabio Gondorf - https://twitter.com/FGondorf
