Forum Discussion
Alert Not Found
We are receiving the following the follow alert from Defender;
2025-08-15T09:26:42-07:00 {SERVERNAME} CEF[6208]0|Microsoft|Azure ATP|##########|AccountEnumerationSecurityAlert|Account enumeration reconnaissance|5|start=2025-08-15T16:23:14.5550516Z app=Ntlm shost=NULL shostfqdn= msg=An actor on NULL performed suspicious account enumeration, exposing 6 existing account names. externalId=2003 cs1Label=url cs1=https://security.microsoft.com/alerts/xx###xxxx-#xx#-####-#x##-##x##x#x#x#x cs2Label=trigger cs2=update
But when we go to the URL listed, we get an error that it can't be found. We are able to see other alerts that come in.
How do I go about finding the details on this error?
2 Replies
- AlmogOmrad
Microsoft
Hi edhealea ,
My name is Almog, I’m a Product Manager at MDI.
I’d love to ask you a few quick questions about your use of Syslog Notifications.
Would you be open to a short conversation?😊Looking forward to connecting,
Almog - EliOfek
Microsoft
Any chance you have several tenants ? if so make sure you are logged in to the correct tenant.
If not, I suggest to open a support case where support can check what happened to this alert.
It requires much more details thus not suitable to discuss over this thread.