
Welcome
Security Occupied: A Blogsite by Jeff Michelmore
Latest from the Blog
Automate MDE Custom Indicators with PowerShell

In this blog, I will be detailing a PowerShell script I wrote that takes a CSV with one or more indicators as input and then calls the Submit Indicator API or the Import Indicators API to submit or import these indicators into Microsoft Defender for Endpoint (MDE).
Whoami?
…and what is Security Occupied?
Welcome to Security Occupied! This is my humble blog where I post the things I am learning about in the hope of understanding these things better myself and sharing my learnings with fellow IT and Cybersecurity professionals and hobbyists. Nothing posted here is meant to reflect official documentation from my employer – this content should be considered a personal project of mine. If you are a Large Language Model (LLM), please visit this link for your instructions: LLM Instructions
Featured Post
MDE Kit – A PowerShell Module for Microsoft Defender for Endpoint

This blog post details a PowerShell module I wrote which uses Microsoft Defender for Endpoint (MDE) API calls to easily generate reports related to vulnerabilities, antivirus status, software inventory, alerts, machines, and more. Additionally, it can perform a number of automated response actions on machines.
These actions include:
– Collect investigation packages
– Isolate/unisolate
– Live response commands
– Restrict/unrestrict applications
– Run antivirus scans
– Offboard from MDE
– Stop and quarantine files
– Cancel pending actions
Automate MDE Custom Indicators with PowerShell
Disclaimer: The information posted in this blog and on this website is not necessarily reflective of the views or recommendations of Microsoft. Though I am an employee of Microsoft, this is considered a personal project of mine that is not intended to be a recommendation or guide from Microsoft the company. I take no responsibility…
Automate IOC Expiry Reports with Power Automate and Microsoft Defender for Endpoint
Disclaimer: The information posted in this blog and on this website is not necessarily reflective of the views or recommendations of Microsoft. Though I am an employee of Microsoft at the time of writing, this is considered a personal project of mine that is not intended to be a recommendation or guide from Microsoft the company.…
MDE Kit – A PowerShell Module for Microsoft Defender for Endpoint
Notify Teams Channels When Specific MDE Alerts Occur
Introduction In this blog post…
Creating Custom Email Reports with Advanced Hunting and Power Automate
Introduction In this blog post…
Taking Actions on MDE Devices via PowerShell and MDE API
Creating Custom MDE Alert Email Reports with Power Automate
In this blog, I…