RusselChristie-8739 asked MarileeTurscak-MSFT commented

Two Microsoft Defender for Identity Alerts Missing Content

Hello,

Two Defender for Identity alerts that we get regularly come in with almost no information. We believe there is something wrong with the sensor but don't have visibility on it.
1. Account enumeration reconnaissance (on one endpoint)
2. Remote code execution (on one endpoint)

Does anyone know what needs to be tweaked in order to enrich these alerts? It's been quite challenging to address them. Thank you!

[Attached screenshots: 201612-account-enumeration-reconnaissance.png, 201631-remote-code-execution.png]





microsoft-sentinel

Which details are you hoping to surface? If the connection was attempted via RDP, an IP address would not be found in this case.

If you think there is something wrong with the Connector Health, you could do a health check to confirm.

You can also create a rule to see custom details.



0 Answers