soc detection
About this tag
The soc detection tag on WindowsForum.com covers security operations center detection techniques, with a focus on identifying malicious activity in Microsoft 365 environments and monitoring AI assistants like ChatGPT, Microsoft Copilot, and Google Gemini. Recent discussions highlight how attackers use legitimate credentials and trusted infrastructure to evade traditional authentication alarms, emphasizing that successful logins should trigger investigation rather than trust. Content also explores how enterprise security teams must treat AI agents as a new identity class, using behavior analytics to detect anomalous activity, prompt injection, and unauthorized access. These threads reflect the evolving threat surface where normal-looking access and sanctioned AI tools become vectors for compromise, requiring SOC teams to adapt detection strategies accordingly.
Barracuda reported in late May 2026 that malicious Microsoft 365 logins from traditionally low-risk countries, including the United States and United Kingdom, rose by about 25 percent in April, as attackers used legitimate credentials and trusted-looking infrastructure to avoid obvious...
Exabeam’s latest expansion of Agent Behavior Analytics lands at a moment when enterprise AI has stopped looking like a novelty and started behaving like infrastructure. By extending monitoring to OpenAI ChatGPT and Microsoft Copilot, while retaining coverage for Google Gemini, the company is...
Exabeam’s push to watch ChatGPT, Microsoft Copilot, and Google Gemini is more than another product update. It is a sign that enterprise security teams are being forced to treat AI agents as a new class of identity, one that can hold privileges, touch data, and make mistakes at machine speed. The...