Forum Discussion

Copper Contributor

May 01, 2020

Security principal reconnaissance (LDAP) (external ID 2038)

If downloading the details for this type of alert, shouldn't there be a list ofsuspected users attached within the download?

PeterRising

MVP

May 02, 2020

edhealea

How long have you had Azure ATP in place? Are you already getting these type of alerts, or is it still in its learning period as per - https://docs.microsoft.com/en-us/azure-advanced-threat-protection/atp-reconnaissance-alerts#security-principal-reconnaissance-ldap-external-id-2038

edhealea

Copper Contributor

May 04, 2020

It has been install for over 6 months. We have had one of these alerts in the past week which prompted the question from by CSOC team. They were expecting to see users in the alert. PeterRising

PeterRising
MVP
May 04, 2020
edhealea

Are you able to share a screen shot of what is contained in the alert?
- edhealea
  Copper Contributor
  May 05, 2020
  Which part of the alert do you want? The download details or actual alert in the console?
  - Or Tsemah
    Former Employee
    May 06, 2020
    We are tracking a potential issue that should be addressed in the latest update to the service which is currently being deployed, please check again once you have version 2.113