Tuesday, February 25, 2025, 12:00 PM ET / 9:00 AM PT (webinar recording date)
Microsoft Defender XDR Webinar | Learn About Insider Risk Management Data in Microsoft Defender XDR
Presenters: Amisha Gupta
Description:
Recently launched in public preview, Microsoft Purview Insider Risk Management data is now available in Microsoft Defender XDR. Now, you can: (1) Programmatically access IRM alerts, Indicators and events through Graph API and manage the alert lifecycle (2) Leverage KQL on the top of IRM data to detect risky user behaviors patterns through Advanced hunting (3) Create your own custom detection alerts on the top of IRM data by authoring KQL based detection rules (4) Investigate IRM alerts in Defender to get a single pane of glass view across various detection sources. Whether you are more familiar with Microsoft Purview Insider Risk Management or Microsoft Defender XDR, join this session to learn more about how you can leverage this offering to protect your organization better and faster.
Timestamps:
00:00 – Introduction
00:30 – What is Insider Risk Management?
08:18 – Insider Risk Management Integration with Defender XDR Integration
11:36 – Investigate Insider Risk Management Alerts in Defender XDR Alert and Incident Queue
13:16 – Hunt for Insider Risk Threats Using Advanced Hunting
17:00 – Take Insider Risk Management Data to Your SIEM
24:59 – Workflow
28:25 – Q/A, Outro
SUBSCRIBE for new Microsoft Security videos every week.
https://aka.ms/SecurityCommunity/Subscribe
To ensure you hear about future Microsoft Defender XDR webinars and other developments, make sure you join our community by going to https://aka.ms/SecurityCommunity
#MicrosoftDefenderXDR #IRM #KQL #InsiderRiskManagement #GraphAPI #Microsoft #MicrosoftPurview #Purview #XDR #ThreatHunting