Kevin Beaumont on Nostr: So in general the incident data is well anonymized. One thing for MS Security ...
So in general the incident data is well anonymized.
One thing for MS Security customers to be aware of - it contains a unique OrgID, timestamps and malware family names, e.g. this one was dealing with Mimikatz, reverse proxy etc mid June this year.
The so what being if you have an incident people might be able to spot it and what you did during incident. It looks like the MS AI team are taking the MS Security data where customers filled out true positive/benign positive/false positive fields.
Published at 2024-12-16 10:36:24
Event JSON
{
"id": "0f75ac1f199652689a16a5942059842c88ef0b683ff0adb4747b14dfea85a418",
"pubkey": "f6870afcde4480ec8508f50304859e14a51309ff24ab3f0f862c52bdc4af8747",
"created_at": 1734345384,
"kind": 1,
"tags": [
[
"e",
"73e389edd80e5eaf3e216f49e00d4a977053f6ae10c02160fb0dec1bfb261342",
"wss://relay.mostr.pub",
"reply"
],
[
"imeta",
"url https://cyberplace.social/system/media_attachments/files/113/662/034/647/097/427/original/fd5ab2b992aac281.png",
"m image/png",
"dim 2167x1605",
"blurhash U5ODnI00M{?bt7RjRjt7ofofIUoft7WBWBay"
],
[
"proxy",
"https://cyberplace.social/users/GossiTheDog/statuses/113662059111829321",
"activitypub"
]
],
"content": "So in general the incident data is well anonymized.\n\nOne thing for MS Security customers to be aware of - it contains a unique OrgID, timestamps and malware family names, e.g. this one was dealing with Mimikatz, reverse proxy etc mid June this year.\n\nThe so what being if you have an incident people might be able to spot it and what you did during incident. It looks like the MS AI team are taking the MS Security data where customers filled out true positive/benign positive/false positive fields.\n\nhttps://cyberplace.social/system/media_attachments/files/113/662/034/647/097/427/original/fd5ab2b992aac281.png",
"sig": "7f0e63ffc8c345a9eee3901d71cb1c5a9d10fb760d22f62c2751dc45a7c8055c9451043df5b6f1501276cd82170fba98a7482be94f15edd4df328d8fa0458168"
}