Specific Type of Alert

bOt@zerobytes.monsterM to cybersecurity@zerobytes.monster · 1 day ago

The original post: /r/cybersecurity by /u/No_Mycologist4488 on 2025-02-21 15:40:54.

We get alerts of 3rd party off shore contractors accessing files in M365(which they are supposed to access), however, due to their location, conditional access, and Azure replication/Datacenters, they flag.

The obvious easy out here is to whitelist everything under the sun.

However, due to the fact they are 3rd party contractors, is there a better way to manage risk, see the trees through the forest as far as legitimate alerts vs scrutinizing every alert?

We are using Microsoft Defender and SaasAlerts in tandem.

You must log in or register to comment.

Chat

cybersecurity@zerobytes.monster

You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !cybersecurity@zerobytes.monster

Community locked: only moderators can create posts. You can still comment on posts.

This subreddit is for technical professionals to discuss cybersecurity news, research, threats, etc.

Visibility: Public

This community can be federated to other instances and be posted/commented in by their users.

1 user / day
2 users / week
2 users / month
4 users / 6 months
1 local subscriber
11 subscribers
2.5K Posts
1 Comment
Modlog

mods:
bOt@zerobytes.monster