SaaS Alerts' Office Hours | 1.14.25

SaaS Alerts

EDR System Configuration and Feedback
Anthony, Ben and Tina discussed SaaS Alerts’ EDR integrations. Tina raised a concern about the lack of detail in the emails she receives, specifically the absence of the device name and organization. Ben suggested that she might have missed the checkbox for showing detailed information. Tina agreed to send an example of the emails she received to Ben and Anthony for further investigation. The team emphasized the importance of feedback in improving the platform's functionality.
Discussing Honeypot File Alerts and Attacks
Anthony, Tina, Ben, Enrique and Austin discussed various topics related to their work. Tina shared her experience with a honeypot file in her OneDrive account, which triggered alerts when she browsed to it. Ben and Anthony confirmed they had seen similar situations before and suggested that it could be a useful tool for partners when talking with their clients about managing data on unmanaged devices. Enrique added that this issue was common with their customers and that syncing a mobile app could trigger alerts even without downloading the file. Ben then shared a new trend of brute-force attacks originating from Brazil, which they were considering adding a rule for. Austin mentioned that he had seen similar attacks twice the previous day, but the geofence had prevented any unauthorized access.
Investigating Brute Force Attack Suspected
Austin, Ben and Anthony discussed a potential brute-force attack on a user's account. Austin initially suspected the attack was related to the abuse of password lists, but after further discussion, they considered the possibility that the attack was blocked by Conditional Access. They also discussed the possibility that the geofence might have kicked in after the authentication but before MFA. The team agreed to further investigate the issue, with Austin noting that the result detail showed the password as failed, even though it was marked as successful. They concluded that the issue might be related to a malicious IP or a Conditional Access violation and decided to continue monitoring the situation.
Addressing Authentication Issues and Integration
Austin, Ben, Anthony, Steven and Enrique discussed a new feature that had recently emerged and was causing some unusual authentication issues. They speculated that it might be new software or malicious activity, but they couldn't pinpoint the exact cause. They also discussed the potential of integrating Defense X with SaaS Alerts for better tracking of usage and activity. The team agreed to continue monitoring the situation and exploring possible solutions.
API Specification and Geolocation Monitoring
Anthony highlighted the importance of open APIs for monitoring purposes and encouraged advocating for this with software developers. Rusty asked about an alert triggered from an approved location (Texas) after approving another location (Mexico) for a user. Anthony explained the need to specify both the user's keyboard location and the server location for accurate geolocation monitoring.
Platform Methodology and Automation Discussion
The team discussed the platform's new methodology, which has caused some confusion. Anthony clarified that the platform now follows a verb-noun approach, which is a departure from the previous noun-verb method. He also mentioned that the data built into the platform can be accessed and shared via API. Steven expressed interest in potentially replicating some of the data for his own use and documentation. Ben offered to help Steven with this task if necessary. The team also discussed the potential for automation in their processes, with Ben suggesting the use of Power Automate to update user information.
KZbin Video Posting and Data Analysis
Ben shared his personal template for posting KZbin videos, which uses the Google API and ChatGPT to generate an article. DJ discussed his ongoing analysis of data sets and the need to tie the data to campaign sources, such as phishing emails or malware distributions. Ben also shared his findings on the origins of some IP addresses, suggesting they might be residential. Anthony encouraged the team to reach out if they found the Discord channel lacking and reminded them about the upcoming community call. Steven proposed a feature request for MSP users to access rule triggers in the portal. Anthony emphasized the importance of user feedback in the platform's development.
