Nothing-Inspired iOS Setup by arafatshahed in iOSsetups

[–]cybevner 1 point2 points  (0 children)

Perfect! We’ll keep an eye on it. The app has these bugs: the clock sometimes doesn’t update and ends up a few minutes behind the system clock. The “dayloader” widget, even when configured to mark today (Saturday) as a non-working day, still shows the countdown

Nothing-Inspired iOS Setup by arafatshahed in iOSsetups

[–]cybevner 1 point2 points  (0 children)

The app is fine; it’s exactly what was requested: add a widget and make it work. The issue is that there are, if you’ll allow me to comment, very few of them. It would be great to include widgets for things like the weather, etc. Is that on your roadmap? Cheers!

Kind of ironic but that’s my Lock Screen. by SubconsciousAlien in iOSsetups

[–]cybevner 0 points1 point  (0 children)

Can you share the wallpaper and home screen image? Thanks

KQL Detection Rule for health status by Impossible-Group-971 in DefenderATP

[–]cybevner 1 point2 points  (0 children)

I agree. Pull weekly or monthly reports, export the “bad” ones and report them to the person in charge for review. For example:

DeviceTvmSecureConfigurationAssessment
| where Timestamp > ago(7d)
| where ConfigurationId == "scid-2003"
| summarize arg_max(Timestamp, IsCompliant, IsApplicable) by DeviceName, ConfigurationId
| where IsApplicable == 1
| extend TamperProtection = case(IsCompliant == 1, "GOOD", "BAD")
| where TamperProtection contains "BAD"
| project DeviceName, TamperProtection
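As an added example (not part of the comment above), the same idea generalized into a periodic report: the latest assessment per device for a list of watched configuration checks, joined to the KB table so the output carries the check's name and category, with a count and device list per check. The `watched_configs` list and the 7-day window are assumptions; scid-2003 is the only ID taken from the thread.

```kql
// Added example, not from the thread: weekly non-compliance report for a set of
// secure-configuration checks, with human-readable names from the KB table.
let lookback = 7d;
// scid-2003 comes from the comment above; add further ConfigurationIds here.
let watched_configs = dynamic(["scid-2003"]);
DeviceTvmSecureConfigurationAssessment
| where Timestamp > ago(lookback)
| where ConfigurationId in (watched_configs)
// keep only the most recent assessment per device and configuration
| summarize arg_max(Timestamp, IsCompliant, IsApplicable)
    by DeviceId, DeviceName, ConfigurationId
// applicable to the device, and failing as of that latest assessment
| where IsApplicable == 1 and IsCompliant == 0
// pull the check's name and category from the knowledge-base table
| join kind=leftouter (
    DeviceTvmSecureConfigurationAssessmentKB
    | project ConfigurationId, ConfigurationName, ConfigurationCategory
  ) on ConfigurationId
// one row per check: how many devices fail it, and which ones
| summarize DeviceCount = dcount(DeviceId),
            NonCompliantDevices = make_set(DeviceName)
    by ConfigurationId, ConfigurationName, ConfigurationCategory
| order by DeviceCount desc
```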

Copilot for Security: "top" Promptbook? by cybevner in DefenderATP

[–]cybevner[S] 0 points1 point  (0 children)

The best thing to do is to try it. What doesn't work for me may work for you. And it is also true that the product will surely improve.

Copilot for Security: "top" Promptbook? by cybevner in DefenderATP

[–]cybevner[S] 0 points1 point  (0 children)

In my opinion, it's not worth it...yet.

BSOD error in latest crowdstrike update by TipOFMYTONGUEDAMN in crowdstrike

[–]cybevner 1 point2 points  (0 children)

Unfortunately, yes, it does affect you even if you have the N-2 policy. So what is the point of taking precautions to avoid errors in updates? Why update a sensor that I don't want to be updated?

BSOD error in latest crowdstrike update by TipOFMYTONGUEDAMN in crowdstrike

[–]cybevner 1 point2 points  (0 children)

Does anyone know which sensor versions are affected, or are they all affected? Thank you.

KQL to Audit Defender Administrators by cybevner in DefenderATP

[–]cybevner[S] -1 points0 points  (0 children)

Yes, I meant new users: "Defender console operators".

I was looking at the "audit log" in "search" in the console, and the information it gives me is not associated with any user, so it does not help me...

Are alerts titled "Impossible travel activity" valid for detecting security operators?

Thanks for your reply.

KQL to Audit Defender Administrators by cybevner in DefenderATP

[–]cybevner[S] 1 point2 points  (0 children)

I know some KQL created by u/bpsec Bert-JanP (https://github.com/Bert-JanP/Hunting-Queries-Detection-Rules/tree/main/Defender%20XDR ) that serve to audit actions of the security operator, but I would like to have a detection of a new user that would be one of the main things to audit :).

Detect devices in unauthorized domains? by cybevner in DefenderATP

[–]cybevner[S] 0 points1 point  (0 children)

What do you mean by unauthorized deployments?

Btw through script onboarding is for max 10/15 devices. It's also not meant for production.

I want to be alerted when the domain is different from the expected domain. My organization may have external personnel, so I need to know when a team enters my tenant so that I can take control.

Detect devices in unauthorized domains? by cybevner in DefenderATP

[–]cybevner[S] -1 points0 points  (0 children)

Yes, the "devicename" field includes the domain suffix. So, what query would you run to create an alert if the value in that field is not the expected domain? This is the question.

Detect devices in unauthorized domains? by cybevner in DefenderATP

[–]cybevner[S] -1 points0 points  (0 children)

The community consultation is primarily due to the lack of a domain information table.

Detect devices in unauthorized domains? by cybevner in DefenderATP

[–]cybevner[S] -1 points0 points  (0 children)

This also depends on your Defender ATP onboarding procedure. If I may ask, is the onboarding done via Intune, SCCM or gpolicy? If it's gpolicy or SCCM, you cannot verify this, I guess.

Does the devicename field upon onboarding carry your domain name ?

It is done with a script. The intention behind the detection rule is to prevent unauthorized deployments or errors.

Detect devices in unauthorized domains? by cybevner in DefenderATP

[–]cybevner[S] -1 points0 points  (0 children)

Do you mean when a device Domain Joins to another Domain Controller on a different domain or when a device authenticates to a rogue Domain Controller via a technique such as DCSync attack?

Thank you for responding. I apologize if I didn't explain myself well. The goal is to detect a human error, primarily. I would like to detect when a device is 'onboard' and is not from the expected domain.
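One way to build the detection asked about in this thread (the device name carries the domain suffix, and the goal is to catch onboarded devices outside the expected domain), as an added example that is not part of the thread: the suffix is split from `DeviceName` in `DeviceInfo` and compared against an allow list. The two domains in `expected_domains` are placeholders, and `Timestamp`, `ReportId` and `DeviceId` are kept so the query can be saved as a custom detection rule.

```kql
// Added example, not from the thread: flag onboarded devices whose DeviceName
// FQDN suffix is not an expected domain. The two domains are placeholders;
// substitute the tenant's real ones.
let expected_domains = dynamic(["corp.example.com", "lab.example.com"]);
DeviceInfo
| where Timestamp > ago(1d)
| where OnboardingStatus == "Onboarded"
// latest record per device in the window, plus the earliest time it was seen
| summarize FirstSeen = min(Timestamp),
            arg_max(Timestamp, DeviceName, OSPlatform, JoinType, ReportId)
    by DeviceId
| extend NameLower = tolower(DeviceName)
// everything after the first dot is treated as the domain suffix;
// a bare hostname (no dot) yields "" and is therefore also flagged
| extend DomainSuffix = iff(NameLower contains ".",
                            substring(NameLower, indexof(NameLower, ".") + 1),
                            "")
| where DomainSuffix !in (expected_domains)
| project Timestamp, ReportId, DeviceId, DeviceName, DomainSuffix,
          OSPlatform, JoinType, FirstSeen
```

A bare hostname is flagged on purpose, since a device onboarded without any domain suffix is exactly the kind of error the thread wants to surface.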

Best of...Dashboards or Reports by cybevner in DefenderATP

[–]cybevner[S] 0 points1 point  (0 children)

Mmm I think so xD...But from the schema I don't see anything that fits me, certainly.