Azure ATP Health - Low success rate of active name resolution using reverse DNS

Hi Mtee- ,

Azure ATP is relying on the ability to resolve IPs to computers, using the process called Network Name Resolution.

To be able to do it Azure ATP is using  4 methods and when we observe a Sensor which has a high amount of resoultion failres of a specific methods a health alert is issued. We give this informaiton so you can make sure the environment is configured correctly, and in your example that there is an option to reolve computers using reverse DNS. In some cases this information should be hadled because it affects Azure ATP learning and detections functionalities. If you are seeing a lot of IPs and computers that are not resolved you should validate it. If everything looks good and computers are resolved, it means that other Sensors are working good in terms of resolution and it is enough or this Sensor has high failures of DNS but the RPC over NTLM and NetBIOS are working and it is ok.

You can read more about it here.

Thanks,

Tali