Forum Discussion
Azure ATP Sensor tries to connect to public IPs
This is expected communication and is part of the NNR process AATP uses to resolve the IP address in the network traffic to a computer name.
https://docs.microsoft.com/en-us/azure-advanced-threat-protection/atp-prerequisites#ports
https://docs.microsoft.com/en-us/azure-advanced-threat-protection/atp-nnr-policy
Best
Gershon
- gd-29Aug 07, 2019Brass Contributor
Gerson Levitz this makes sense for private IPs, i don't see why it would try to connect public IPs. that also generates a lot of noise on our firewalls / SIEM. it would be ideal to be able to select the IP ranges that i would want the agent to interrogate for this additional info.
- Gerson LevitzAug 07, 2019Iron Contributor
- gd-29Aug 07, 2019Brass Contributor
Gerson Levitz no. But after the agent installation i see these connection attempts to our public dns provider (configured on our domain controller dns for dns forwarding).