Forum Discussion
PeterJInobits
Sep 17, 2021 | Copper Contributor
Finding DC's using KQL in and defender for endpoints
Hi
This is probably a dumb question, but is there a foolproof way to use the telemetry provided by MDE to identify DC's? I'm often in a position where we were not involved in the MDE rollout and need to verify that all of the DC's have been onboarded. Also interested in using this approach to automatically tag DC's etc.
- AnuragSrivastava (Iron Contributor), replying to PeterJInobits
MDE by itself can't identify or automatically tag a server by the service it is running (like DC, Exchange, SQL, etc.).
After onboarding a server, you would need to manually tag a server in the MDE portal.