Forum Discussion
Honeytoken alerts FP
Hi! We do have a lot of "Honeytoken activity" since 23.11.2022 starting in the evening (MET timezone). Normally, in the past this kind of alert only appeared during planed penetration tests and ...
Just to give anybody an update on this:
This weekend, the security portal started to create alerts for the honeytoken activity; this is kind of new because recently, those alerts were only shown within the "old" Defender for Identity portal and also the MCAS alert overview.
Long story short:
As i didn't find a solution for our scenario yet, i "deleted" the honeytoken user from the MDI honeytoken settings. Not useful any longer 😞
This weekend, the security portal started to create alerts for the honeytoken activity; this is kind of new because recently, those alerts were only shown within the "old" Defender for Identity portal and also the MCAS alert overview.
Long story short:
As i didn't find a solution for our scenario yet, i "deleted" the honeytoken user from the MDI honeytoken settings. Not useful any longer 😞
DefenderAdmin version 1.98 should fix it. Do you have it deployed already? Please see the what's new page for the info.