Endpoint Threat Protection Essentials
Microsoft Sentinel, Microsoft Corporation
Note: There may be known issues pertaining to this Solution; please refer to them before installing.
The Endpoint Threat Protection Essentials solution provides content to monitor, detect and investigate threats related to Windows machines. The solution looks for suspicious command lines, PowerShell-based attacks, LOLBins, registry manipulation, scheduled tasks and similar activity, which are some of the techniques most commonly used by attackers when targeting endpoints.
Pre-requisites:
This is a domain solution and does not include any data connectors. The content in this solution supports the connectors listed below. Install one or more of the listed solutions to unlock the value provided by this solution.
Keywords: LOLBins, PowerShell, Registry, Lsass, Commandline, scheduled tasks, Malware.
Analytic Rules: 13, Hunting Queries: 10