The endpoint detection and response (EDR) feature in Microsoft Defender Advanced Threat Protection (ATP) has reached the "general availability" stage for macOS devices, Microsoft announced on Wednesday. General availability signifies that this EDR feature is deemed ready for use in production environments. The feature underwent a quick turnaround, as it was at the preview stage last month.

Microsoft had announced back in March that it was changing the name of "Windows Defender ATP" to "Microsoft Defender ATP" largely because macOS client support was added.

The EDR feature of Microsoft Defender ATP, per Microsoft's description, collects and stores "telemetry" data from devices for six months, which investigators can use to detect security incidents in post-breach analyses. The data collected may include things like "process information, network activities, deep optics into the kernel and memory manager, user login activities, registry and file system changes, and others," according to Microsoft.

The use of the EDR feature with macOS devices brings the "same familiar investigation experience" that investigators have with Windows devices, the announcement promised. Microsoft supplies a machine timeline capability with the EDR feature that shows security events in chronological order and lets investigators drill down into the information.