According to Oren Saban’s post (Microsoft 365 Defender – Product Manager) on Microsoft Tech Community, Microsoft has unveiled a new file page to transform security teams’ analysis and pivoting processes. This significant update allows users to delve deeper into files, examining their occurrence throughout the organization and assessing their influence on security incidents. Introducing these enhanced file analysis and pivot capabilities in Microsoft 365 Defender promises to deliver valuable insights for security professionals. Along with these features, Microsoft is also set to launch an affordable Windows 365.
New interface: Microsoft 365 Defender unveils a new file page interface, offering valuable insights into file prevalence and impact within organizations. Users can access details like device trendlines, file names, associated cloud applications, incidents, alerts, and worldwide statistics.
Pivoting: The “Observed in organization” section now provides detailed information on file activities, including execution status, events, initiation process, and associated file names, giving security teams a complete view.
File history: Users can now access the complete six-month file history on any device or event with a simple click. This feature allows them to navigate effortlessly to the initial event recorded on the device timeline.
Cloud Security: The file page now includes a “Cloud apps” list, showing all the cloud applications where the file has been detected using Microsoft Defender for Cloud Apps policies. This addition allows security experts to easily switch to the cloud app or policy page for further examination. With this expanded scope, defenders can identify threats from cloud applications and respond accordingly.
Investigation with additional capabilities and information: They have enhanced file capabilities and added the file content feature, allowing defenders to determine file verdicts with a single click. The new capabilities leverage Microsoft research to correlate file activities with MITRE ATT&CK techniques, providing insights into a file’s potential capabilities. Additionally, security professionals gain detailed information about PE files, including observed execution of MITRE ATT&CK techniques. Defenders can also initiate deep analysis of files, monitor progress, and view results seamlessly.
Accessing the new file page: Accessing the new file page is now more accessible through multiple entry points. You can use global search to find files by name or SHA256/SHA1, Incidents and Alerts to access files mentioned in incidents or alerts, and the device timeline to view activities associated with a specific device. Clicking on a file in any of these places will take you directly to its file page for more information and analysis.
Defenders’ file investigation: Microsoft 365 Defender unveils file analysis and pivot capabilities, empowering security teams to investigate and respond to file-based threats more effectively. Defenders gain detailed insights into file behavior and execution, bolstering their security posture and proactive threat mitigation. Stay ahead with Microsoft 365 Defender’s cutting-edge capabilities.