RogerB1500
Copper Contributor
Sep 27, 2021
Solved

PetitPotam - Defender For Identity Alert IDs

This blog indicates PetitPotam is now detected by Defender For Identity. But what is the corresponding Alert ID? 

https://techcommunity.microsoft.com/t5/security-compliance-and-identity/petitpotam-microsoft-defender-for-identity-has-it-covered/ba-p/2656271

The Alert IDs have not been updated since October 2020:

https://docs.microsoft.com/en-us/defender-for-identity/suspicious-activity-guide?tabs=cloud-app-security#security-alert-name-mapping-and-unique-external-ids

  • EliOfek
    Sep 30, 2021
    Refresh the docs page and let me know if you can find the missing IDs now...

6 Replies

    • RogerB1500
      Copper Contributor

      Hi EliOfek, thanks for the info. Please could you tell me the corresponding Cloud App Security ID for this? e.g. 2002 == ALERT_EXTERNAL_AATP_ABNORMAL_KERBEROS_OVERPASS_THE_HASH_SECURITY_ALERT

      Hopefully the documentation could be updated to include Alert IDs 2412-2416.

      https://docs.microsoft.com/en-us/defender-for-identity/suspicious-activity-guide?tabs=cloud-app-security#security-alert-name-mapping-and-unique-external-ids

      • EliOfek
        Microsoft
        I don't know, but I pinged the relevant PM to check this out.