DEX
Defender Experts for Hunting (DEX), previously known as Microsoft Threat Experts, is a managed threat hunting service that provides an organization's Security Operations Centers (SOCs) with expert-level monitoring and analysis to help ensure that critical threats in their unique environments don't get missed.
Research, analysis, solution design, design systems, user-testing.
1 UX designer, 1 project manager, 6 software engineers
Security Operations Centers (SOCs) receive alerts on critical threats in their organization's network. Hunters treat these events as evidence. To identify malicious or suspected malicious events, hunters need to pull more data from the database.
Types of information:
Organisational information
Source information
Different query result
Timeline
Process tree
A query means a request for information.
In the product context, hunters use Kusto Explorer or an Excel plugin that queries Kusto Explorer in the backend.
Simplify and streamline the extraction of deep information.
Acceptance criteria:
Reduce the number of tool hops from 3 to 1 for investigation.
Reduce time taken to investigate from ~10 mins to <2 mins.
Create a seamless experience to run infinite queries
Empower hunters by minimising effort.
The scope is to build a simplified query tool experience in the Triage & Investigation tool. This tool will not replace Kusto, though.
User journey
Expanded view
Persona
Competitive analysis
Primary research
Discussion with users
We had focus group and individual discussion with hunters to figure out the problem.
Current scenario
1. Kusto Query
2. MS Excel
3. Process tree
Insight
Summary
We got good feedback from analysts and hunters, as their investigation time was reduced to less than 2 mins. The scope of the project also increased to reconstructing the whole product.