Forum Discussion

RogerB1500's avatar
RogerB1500
Copper Contributor
Sep 27, 2021
Solved

PetitPotam - Defender For Identity Alert IDs

This blog indicates PetitPotam is now detected by Defender For Identity. But what is the corresponding Alert ID?  https://techcommunity.microsoft.com/t5/security-compliance-and-identity/petitpotam-...
  • EliOfek's avatar
    EliOfek
    Sep 30, 2021
    Refresh the docs page and let me know if you can find the missing id's now...
EliOfek's avatar
EliOfek
Icon for Microsoft rankMicrosoft
Sep 27, 2021
The alert ID for PetitPotam alert is 2416.
  • RogerB1500's avatar
    RogerB1500
    Copper Contributor
    Sep 28, 2021

    Hi EliOfek, thanks for the info. Please could you tell me the corresponding Cloud App Security ID for this? e.g. 2002 == ALERT_EXTERNAL_AATP_ABNORMAL_KERBEROS_OVERPASS_THE_HASH_SECURITY_ALERT

     

    Hopefully the documentation could be updated to include Alert IDs 2412-2416.

    https://docs.microsoft.com/en-us/defender-for-identity/suspicious-activity-guide?tabs=cloud-app-security#security-alert-name-mapping-and-unique-external-ids

    • EliOfek's avatar
      EliOfek
      Icon for Microsoft rankMicrosoft
      Sep 29, 2021
      I don' t know, but I pinged the relevant PM to check this out.
      • RogerB1500's avatar
        RogerB1500
        Copper Contributor
        Sep 29, 2021
        Thanks