Forum Discussion
Security principal reconnaissance (LDAP) (external ID 2038)
If downloading the details for this type of alert, shouldn't there be a list ofsuspected users attached within the download?
How long have you had Azure ATP in place? Are you already getting these type of alerts, or is it still in its learning period as per - https://docs.microsoft.com/en-us/azure-advanced-threat-protection/atp-reconnaissance-alerts#security-principal-reconnaissance-ldap-external-id-2038