Forum Discussion

edhealea's avatar
edhealea
Copper Contributor
Aug 15, 2025

Alert Not Found

We are receiving the following the follow alert from Defender;
2025-08-15T09:26:42-07:00 {SERVERNAME} CEF[6208]0|Microsoft|Azure ATP|##########|AccountEnumerationSecurityAlert|Account enumeration reconnaissance|5|start=2025-08-15T16:23:14.5550516Z app=Ntlm shost=NULL shostfqdn= msg=An actor on NULL performed suspicious account enumeration, exposing 6 existing account names. externalId=2003 cs1Label=url cs1=https://security.microsoft.com/alerts/xx###xxxx-#xx#-####-#x##-##x##x#x#x#x cs2Label=trigger cs2=update
But when we go to the URL listed, we get an error that it can't be found. We are able to see other alerts that come in.
How do I go about finding the details on this error?

2 Replies

  • AlmogOmrad's avatar
    AlmogOmrad
    Icon for Microsoft rankMicrosoft
    Aug 20, 2025

    Hi edhealea​ ,

    My name is Almog, I’m a Product Manager at MDI.
    I’d love to ask you a few quick questions about your use of Syslog Notifications.
    Would you be open to a short conversation?😊

    Looking forward to connecting,
    Almog

  • EliOfek's avatar
    EliOfek
    Icon for Microsoft rankMicrosoft
    Aug 17, 2025

    Any chance you have several tenants ? if so make sure you are logged in to the correct tenant.

    If not, I suggest to open a support case where support can check what happened to this alert.
    It requires much more details thus not suitable to discuss over this thread.

Resources