Commit d1ce962

Merge pull request #5833 from Ronen-Refaeli/patch-24
Update anomaly detection policy for ransomware activity
2 parents 5e1c58e + ea9be24 commit d1ce962

1 file changed

+0
-5
lines changed

defender-for-cloud-apps/anomaly-detection-policy.md

Lines changed: 0 additions & 5 deletions
@@ -36,7 +36,6 @@ Based on the policy results, security alerts are triggered. Defender for Cloud A
3636
> - [Suspicious inbox forwarding](#suspicious-inbox-forwarding).
3737
> - [Unusual ISP for an OAuth App](#unusual-isp-for-an-oauth-app).
3838
> - [Suspicious file access activity (by user)](#unusual-activities-by-user).
39-
> - [Ransomware activity](#ransomware-activity).
4039
>
4140
> You will continue to receive the same standard of protection without disruption to your existing security coverage. No action is required from your side.
4241
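Review bot: The removal of `> - [Ransomware activity](#ransomware-activity).` at old line 39 is not explained anywhere in the commit, whose title only says "Update anomaly detection policy for ransomware activity". The list this entry sat in is followed by "You will continue to receive the same standard of protection without disruption to your existing security coverage. No action is required from your side.", so dropping the entry changes what readers are told about this policy's status. Please state in the commit message or PR description whether the Ransomware activity policy is no longer covered by that statement, so that teams who relied on the earlier list know whether anything on their side needs rechecking.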
@@ -92,10 +91,6 @@ This detection identifies that users were active from an IP address that has bee
9291

9392
### Ransomware activity
9493

95-
> [!NOTE]
96-
> As part of ongoing improvements to Defender for Cloud Apps alert threat protection capabilities, this policy has been disabled, migrated to the new dynamic model and renamed to **Ransomware payment instruction file uploaded to {Application}**.
97-
> If you previously configured governance actions or email notifications for this policy, you can re-enable it at any time in the Microsoft Defender portal > Cloud Apps > Policy management page.
98-
9994
Defender for Cloud Apps extended its ransomware detection capabilities with anomaly detection to ensure a more comprehensive coverage against sophisticated Ransomware attacks. Using our security research expertise to identify behavioral patterns that reflect ransomware activity, Defender for Cloud Apps ensures holistic and robust protection. If Defender for Cloud Apps identifies, for example, a high rate of file uploads or file deletion activities it may represent an adverse encryption process. This data is collected in the logs received from connected APIs and is then combined with learned behavioral patterns and threat intelligence, for example, known ransomware extensions. For more information about how Defender for Cloud Apps detects ransomware, see [Protecting your organization against ransomware](best-practices.md#detect-cloud-threats-compromised-accounts-malicious-insiders-and-ransomware).
10095

10196
### Activity performed by terminated user
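Review bot: Deleting the `[!NOTE]` block at old lines 95-97 removes, as far as the visible lines show, the only place in this section that gives the renamed alert title **Ransomware payment instruction file uploaded to {Application}** and the re-enable path in the Microsoft Defender portal > Cloud Apps > Policy management page. If alerts can still surface under that name, keep a one-line mapping from "Ransomware activity" to the renamed alert so analysts can match alert titles and existing notification settings to this section; if the migration no longer applies to this policy, say so in the commit message. As a style point in the retained paragraph, "sophisticated Ransomware attacks" should be lowercase to match "ransomware" elsewhere in the same paragraph.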
