Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fixes and added features to Defender for endpoints responder #1225

Open
wants to merge 9 commits into
base: develop
Choose a base branch
from
Open

Fixes and added features to Defender for endpoints responder #1225

wants to merge 9 commits into from

Conversation

louismaxx
Copy link

This PR contains a few fixes for this responder :

  • When an organisation doesn't synchronise computers in AzureAD, the function getMachineID is not able to retrieve an id as the field AadDeviceID returns null. In this case, it retrieves the field id, which is an id provided by MDE to the machine.
  • We had issues with the oauth uri, and updated the uri provided in the json files with the latest one on MS's documentation.
  • Fixed the Dockerfile as the -r option was causing issues during the build.
  • Fixed the malformed json body of the pushCustomIOCAlert function.

New Features :

  • You can now lauch an automated investigation on a device
  • You can restrict the exectution of apps on the device (leaves Outlook, skype, Teams operational). Not as restrictive as device isolation. A tag is applied to the observable
  • Added more IOC options to push to MDE :
    • Hashes (MD5, SHA1 and SHA256)
    • Domains
    • Url

Also minor updates to the readme file, a new api permission is required to restrict device app execution

@louismaxx louismaxx mentioned this pull request Oct 23, 2023
Open
@jeromeleonard jeromeleonard added this to the 3.3.6 milestone Feb 12, 2024
@jeromeleonard jeromeleonard changed the base branch from master to develop February 12, 2024 07:37
@jeromeleonard jeromeleonard modified the milestones: 3.3.6, 3.3.7 Feb 15, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
3.3.7
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@louismaxx @jeromeleonard