Forum Discussion
Fahad_Noaman
Jul 06, 2021
Copper Contributor
Reconnaissance using Directory Services queries Alert
Hi Team, I have received a Reconnaissance using Directory Services queries alert in ATA stating the below details. I don't see the account or the process details from where the query was t...
EliOfek
Microsoft
Jul 09, 2021
MDI will never give you process information as it's not monitoring the endpoint, just the DC. The Actor identity is not always visible in the protocol (when it is, MDI will give you the info). Sometimes it might even be the machine account...
Your best option is if you have MDE on this endpoint, as it does monitor it and might give you more info about which process might have triggered this around this time.
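An added example, not part of the original thread: one way to follow the reply's suggestion in MDE advanced hunting is to list the processes on the source computer that issued LDAP searches around the alert time. It assumes the endpoint is onboarded to MDE and that the tenant records `LdapSearch` events in `DeviceEvents`; the alert time and host name below are constructed placeholders to be replaced with the values from the MDI alert.

```kusto
// Constructed placeholders: replace with the values shown in the MDI alert.
let alertTime  = datetime(2021-07-06 00:00:00);  // time of the reconnaissance alert
let sourceHost = "<source-computer-name>";        // computer named as the source
let window     = 30m;                             // search this far before and after
DeviceEvents
| where Timestamp between ((alertTime - window) .. (alertTime + window))
| where DeviceName startswith sourceHost          // DeviceName is usually the FQDN
| where ActionType == "LdapSearch"                // LDAP queries seen on the endpoint
| summarize Queries     = count(),
            FirstSeen   = min(Timestamp),
            LastSeen    = max(Timestamp),
            SampleQuery = take_any(AdditionalFields)  // raw details of one query
          by DeviceName,
             InitiatingProcessAccountDomain,
             InitiatingProcessAccountName,
             InitiatingProcessFileName,
             InitiatingProcessCommandLine,
             InitiatingProcessParentFileName
| order by Queries desc
```

A process with a high query count in the alert window, run under the account or machine account MDI reported, is the first candidate to review.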