Windows Defender ATP API allows you to run a query on a system. Here's a query to get "Links opened from Outlook" - Great for finding out if your users clicked on malicious email links: http://github.com/microsoft/Wind …
Also bravo to the @WindowsATP team for this resource! #InfoSec
Replying to @MSAdministrator @WindowsATP
There are many great queries out there from @WindowsATP. I suggest taking a look at their entire GitHub. I have already implemented a few and made minor adjustments for alerting.
Replying to @MrHerbie_ @WindowsATP
Yeah, I have as well but just thought that this one was unique.
Replying to @MSAdministrator
Please upload to our Github!! Please
thanks!! 
11:58 AM - 2 Jul 2019