January 2024 WDAC Advanced Hunting changes
Andrew Microsoft today published an update advisory for Windows Defender Application Control (WDAC) Advanced Hunting changes that could have an impact if you have any hunting rules or dashboards in place.…
Confirm what WDAC policies are present on a device
Windows Defender Application Control (WDAC) is an application control system integrated into Windows 10/11 and is used within Enterprise to whitelist trusted applications, allowing them to run, and blocking either…
#TIL KQL parse_path() function
Working with Sentinel and Log Analytics is nearly a daily task for me of late, and working with WDAC of late interrogating file paths was something I was finding very…