Commit 1329e0b

edits in DEX-H FAQ
1 parent a072d7f commit 1329e0b

1 file changed

+24
-18
lines changed

defender-xdr/faq-defender-experts-hunting.md

Lines changed: 24 additions & 18 deletions
@@ -20,30 +20,36 @@ search.appverid: met150
2020
ms.date: 01/07/2025
2121
---
2222

23-
# General information on Defender Experts for Hunting service
23+
# General information on Microsoft Defender Experts for Hunting service
2424

2525
**Applies to:**
2626

2727
- [Microsoft Defender XDR](microsoft-365-defender.md)
2828

29-
The following section lists down questions your SOC team might have about the Microsoft Defender Experts for Hunting service:
29+
The following section lists down questions your security operations center (SOC) team might have about the Microsoft Defender Experts for Hunting service:
3030

3131
| Questions | Answers |
3232
|---------|---------|
33-
| **What is Microsoft Defender Experts for Hunting service?** | [Microsoft Defender Experts for Hunting](defender-experts-for-hunting.md) provides a proactive threat hunting service to identify threats in advance. Defender Experts for XDR also includes the proactive threat hunting offered by Defender Experts for Hunting.|
34-
|**Does Defender Experts for Hunting either use or require Microsoft Sentinel or a security information and event management (SIEM)?**| No. Defender Experts doesn't use any third-party data ingested either via Microsoft Sentinel or any other SIEM platform.|
35-
|**What products does Defender Experts for Hunting operate on?**| This service relies on event signals from Microsoft Defender for Endpoint, Microsoft Defender for Office 365, Microsoft Defender for Cloud Apps, and Microsoft Defender for Identity, along with proprietary Microsoft Threat Intelligence sources. Any event definitions not authored by Microsoft Defender products, such as third-party events or detections, fall outside the scope of Defender Experts for Hunting..|
36-
|**Does Defender Experts for Hunting replace my threat hunting team?**| Defender Experts for Hunting doesn't replace your internal hunting team but instead augments their capabilities. The Defender Experts for Hunting service targets new and emerging threats, addressing industry knowledge gaps in identifying them.|
37-
|**What is the role of Defender Experts for Hunting in the context of a purple team exercise?**| Defender Experts for Hunting is part of the blue team in a purple team exercise (Red Team and Blue Team coordinated work stream). Defender Experts for Hunting complements your internal hunting team by enhancing their capabilities rather than replacing them.|
38-
|**What actions can your experts take during a hunting investigation that results in a Defender Experts Hunting Notification?**| During threat hunting investigations, our analysts refrain from taking direct actions on customer assets. Instead, they provide detailed information, including threat summary and hunting queries that show the timeline of events for the identified attack and remediation action recommendations. Defender Experts Notifications will provide guidance on how to review and address the novel threat.|
39-
|**What types of incidents can your experts investigate?**| Defender Experts for Hunting specializes in addressing the evolving threat landscape, bridging industry knowledge gaps, and recommending the most effective ways to identify these threats. This service doesn't prioritize well-established threats that are adequately addressed by Defender products. However, when a well-known tactic is employed to generate a novel attack, Defender Experts will diligently identify both the novel and existing attack tactics. [See the detailed review in our Defender Experts blogs on novel attacks](https://techcommunity.microsoft.com/tag/Defender%20Experts%20for%20Hunting?nodeId=board%3AMicrosoftSecurityExperts).|
40-
|**Can your experts help me improve my security posture?**| The scope of the posture change recommendation is limited to the scope of the Defender Experts Notification and is limited to preventing the attack identified in the context of the notification.|
41-
|**Can Defender Experts for Hunting help with an active compromise or vulnerability?**| No, Defender Experts currently don't provide incident response services. Contact your Microsoft representative or fill out the Experiencing a Cybersecurity Incident? form to engage Microsoft Incident Response for incident response assistance.|
33+
| **What is the Microsoft Defender Experts for Hunting service?** | [Microsoft Defender Experts for Hunting](defender-experts-for-hunting.md) provides a proactive threat hunting service to identify threats in advance. <br><br>[Microsoft Defender Experts for XDR](dex-xdr-overview.md) also includes the proactive threat hunting offered by Defender Experts for Hunting.|
34+
|**Does Defender Experts for Hunting use or require Microsoft Sentinel or a security information and event management (SIEM) platform?**| No. This service doesn't use any non-Microsoft data ingested either through Microsoft Sentinel or any other SIEM platform.|
35+
|**What products does Defender Experts for Hunting operate on?**| Defender Experts for Hunting relies on event signals from Microsoft Defender for Endpoint, Microsoft Defender for Office 365, Microsoft Defender for Cloud Apps, and Microsoft Defender for Identity. It also relies on proprietary Microsoft Threat Intelligence sources. Any event definitions not authored by Microsoft Defender products, such as third-party events or detections, fall outside the scope of this service.|
36+
|**Does Defender Experts for Hunting replace my threat hunting team?**| Defender Experts for Hunting doesn't replace your internal hunting team but instead augments their capabilities. This service targets new and emerging threats, addressing industry knowledge gaps in identifying them.|
37+
|**What is the role of Defender Experts for Hunting in the context of a purple team (red team and blue team coordinated work stream) exercise?**| Defender Experts for Hunting is part of the blue team in a purple team exercise. It complements your internal hunting team by enhancing their capabilities rather than replacing them.|
38+
|**What actions can your experts take during a hunting investigation that results in a Defender Experts Notification?**| During threat hunting investigations, our analysts refrain from taking direct actions on customer assets. Instead, they provide detailed information, including a threat summary and hunting queries that show the timeline of events for the identified attack, and remediation action recommendations. Defender Experts Notifications provide guidance on how you can review and address the novel threat.|
39+
|**What types of incidents can your experts investigate?**| The Defender Experts for Hunting service specializes in addressing the evolving threat landscape, bridging industry knowledge gaps, and recommending the most effective ways to identify these threats. Our experts don't prioritize well-established threats that Microsoft Defender products address adequately. However, when a well-known tactic is employed to generate a novel attack, our experts identify both the novel and existing attack tactics diligently. [Learn more about novel attacks in our in the Microsoft Security Experts Blog](https://techcommunity.microsoft.com/tag/Defender%20Experts%20for%20Hunting?nodeId=board%3AMicrosoftSecurityExperts)|
40+
|**Can your experts help me improve my security posture?**| The scope of the posture change recommendation is limited to the scope of a Defender Experts Notification and is limited to preventing the attack identified in the context of the notification.|
41+
|**Can Defender Experts for Hunting help with an active compromise or vulnerability?**| No, Defender Experts currently don't provide incident response services. Contact your Microsoft representative or fill out the [Experiencing a Cybersecurity Incident?](https://customervoice.microsoft.com/Pages/ResponsePage.aspx?id=v4j5cvGGr0GRqy180BHbRypQlJUvhTFIvfpiAfrpFQdUOTdRRFpDUFQ1TzNLVFZXV0VUOVlVN0szUiQlQCN0PWcu) form to engage Microsoft Incident Response for incident response assistance.|
4242
|**How can my organization participate in the Defender Experts for Hunting service?**| Reach out to your Microsoft representative to express your interest in Defender Experts for Hunting.|
43-
|**Does Defender Experts for Hunting cover cloud servers that have Microsoft Defender for Endpoint deployed on them.**| Defender Experts for Hunting also covers servers—whether on premises or on a hyperscale cloud service provider—that have Microsoft Defender for Endpoint deployed on them with a Microsoft Defender for Endpoint for Servers license. For Defender Experts coverage, a server is considered as a user seat for billing. The service doesn't cover Microsoft Defender for Cloud. [Learn more about specific hardware and software requirements](/defender-endpoint/minimum-requirements)|
44-
|**Once I see a Defender Experts Notification, if I have questions, how do I communicate with the Defender Experts for Hunting team?**| The **Ask Defender Experts** option in the Microsoft Defender XDR security portal delivers swift and accurate responses to all your threat-hunting questions. However, this service is limited to questions related specifically to Defender Experts for Hunting.|
45-
|**What kinds of inquiries could I submit in the Ask Defender Experts capability?**| Ask Defender Experts is intended to provide a better understanding of complex threats affecting your organization – focused on products included in Microsoft Defender XDR that is Microsoft Defender for Endpoint, Microsoft Defender for Office, Microsoft Defender for Cloud Apps, and Microsoft Defender for Identify. Inquiries related to custom detections in the above products (that is, non-Defender XDR and third-party cybersecurity products), bugs in your product experience in the Defender XDR portal, and those related to security incident response services can't be handled by Ask Defender Experts. [See details on how to collaborate with Defender Experts](experts-on-demand.md).|
46-
|**What certifications does the Defender Experts service have?**| Defender Experts for Hunting is certified for [HIPAA](/compliance/regulatory/offering-hipaa-hitech) and ISO.|
47-
|**How is customer data protected?**| Review the section at [data retention and protection](before-you-begin-defender-experts.md#data-collection-usage-and-retention).|
48-
|**Does the hunting service offer Real-time threat remediation with boots on ground?**| No, the hunting service doesn't cover real-time threat remediation. Despite this, Microsoft provides professional on-site service through our Microsoft Incident Response team. This service requires a separate contract. We prioritize customer needs and have a swift turnaround time. Contact your Customer Service Account Manager or CSAM for further assistance.|
49-
|**Is there a graph API to fetch the Defender Experts Notifications content?**| Yes. For more details, check [Access incident notifications using Graph API](access-den-graph-api.md).|
43+
|**Does Defender Experts for Hunting cover cloud servers that have Microsoft Defender for Endpoint deployed on them?**| Defender Experts for Hunting covers servers—whether on premises or on a hyperscale cloud service provider—that have Microsoft Defender for Endpoint deployed on them with a Microsoft Defender for Endpoint for Servers license. For Defender Experts coverage, a server is considered as a user seat for billing. The service doesn't cover Microsoft Defender for Cloud. [Learn more about specific hardware and software requirements](/defender-endpoint/minimum-requirements)|
44+
|**Once I see a Defender Experts Notification, if I have questions, how do I communicate with the Defender Experts for Hunting team?**| The **Ask Defender Experts** option in the Microsoft Defender portal delivers swift and accurate responses to all your threat-hunting questions. However, this service is limited to questions related specifically to Defender Experts for Hunting. [Learn more about Ask Defender Experts](experts-on-demand.md)|
45+
|**What kinds of inquiries could I submit in Ask Defender Experts?**| Ask Defender Experts is intended to provide a better understanding of complex threats affecting your organization. It focuses on products included in Microsoft Defender XDR (Defender for Endpoint, Defender for Office 365, Defender for Cloud Apps, and Defender for Identity). It doesn't answer inquiries related to custom detections in the above products (that is, non-Defender XDR and third-party cybersecurity products), bugs in your product experience in the Defender portal, and those related to security incident response services. [See some sample questions you can ask our Defender Experts](experts-on-demand.md#sample-questions-you-can-ask-from-defender-experts)|
46+
|**What certifications does the Defender Experts for Hunting service have?**| Defender Experts for Hunting is certified for [HIPAA and ISO](/compliance/regulatory/offering-hipaa-hitech).|
47+
|**How is customer data protected?**| For more information about Microsoft's commitment in valuing and protecting your data, see [Data collection, usage, and retention](before-you-begin-defender-experts.md#data-collection-usage-and-retention). You can also visit the [Trust Center](https://www.microsoft.com/en-us/trust-center/product-overview) then scroll down to **Additional products and services** > **Managed Security Services** > [**Microsoft Defender Experts**](https://aka.ms/trustcenter-defenderexperts).|
48+
|**Does the hunting service offer real-time threat remediation with boots on ground?**| No, the hunting service doesn't cover real-time threat remediation.<br><br>Despite this, Microsoft provides professional on-site service through our [Microsoft Incident Response team](https://www.microsoft.com/en-us/security/business/microsoft-incident-response?msockid=2c408e0b54cc68301f9a9b55554869f3). This service requires a separate contract. We prioritize customer needs and have a swift turnaround time. Contact your Customer Service Account Manager for further assistance.|
49+
|**Is there a graph API that can fetch Defender Experts Notifications content?**| Yes. For more information, see [Access incident notifications using Graph API](access-den-graph-api.md).|
50+
51+
### See also
52+
- [Before you begin using Defender Experts for Hunting](before-you-begin-defender-experts.md)
53+
- [Start using Defender Experts for Hunting](onboarding-defender-experts-for-hunting.md)
54+
55+
[!INCLUDE [Microsoft Defender XDR rebranding](../includes/defender-m3d-techcommunity.md)]
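
Review bot: The added "What types of incidents can your experts investigate?" row has a duplicated phrase in its link text, "Learn more about novel attacks in our in the Microsoft Security Experts Blog", and it drops the closing period the removed row had; suggest "Learn more about novel attacks in the Microsoft Security Experts Blog" followed by a period. In the added certifications row the link text now reads "HIPAA and ISO" while the target is still /compliance/regulatory/offering-hipaa-hitech, so the ISO claim is backed only by a page whose path names HIPAA; keep the link on HIPAA alone or add a separate ISO reference. The Microsoft Incident Response URL in the real-time remediation row carries a "?msockid=..." query string that looks like a per-browser identifier pasted from someone's session, and both it and the Trust Center URL hard-code "en-us"; strip the query string and the locale segment so the published links are clean and locale-neutral. The "Customer Service Account Manager" wording is carried over from the removed row; confirm that is the intended expansion now that the "CSAM" abbreviation is gone.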
