Forum Discussion
v-choudharyr
Aug 18, 2023 Former Employee
Security alerts in Microsoft Defender for Cloud
Hello All,
We have received the below security alert in Microsoft Defender for Cloud for our App Service.
1) NMap scanning detected (for this we got the carrier and organization as Microsoft)...
CruzAz
Sep 08, 2023 Former Employee
It sounds like it could have been scanned by a VM running VA tools. Hence the IP address would have been a MS data center.
For the suspicious user agent detected, you may check the entities and try to find out which user was the one used. As well, with the Vulnerability scanner detected, check if the entities have any details as to which was the one used.
Is the web app hosted in a VM? If so, Microsoft holds scanning tools like Qualys and MDVM that may have performed a scan as per configuration.
Given the IP address was of Microsoft, you could try to trace it back to a specific datacenter to gain more insights if this was malicious or not.
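Added example, not part of the original thread: one way to do the trace-back suggested in the reply above is to match the alert's source IP against Microsoft's downloadable "Azure IP Ranges and Service Tags" JSON and read off the region and service of the most specific prefix. The sample data below is constructed (documentation IP ranges, not real Azure prefixes), and the function names are hypothetical.

```python
import ipaddress
import json

# Constructed sample in the layout of the "Azure IP Ranges and Service Tags"
# JSON download. Prefixes are RFC 5737/3849 documentation ranges, not real Azure ranges.
SAMPLE_SERVICE_TAGS = json.loads("""
{
  "values": [
    {"name": "AzureCloud",
     "properties": {"region": "", "systemService": "",
                    "addressPrefixes": ["198.51.100.0/24", "203.0.113.0/24", "2001:db8::/32"]}},
    {"name": "AzureCloud.westeurope",
     "properties": {"region": "westeurope", "systemService": "",
                    "addressPrefixes": ["198.51.100.0/25"]}},
    {"name": "AppService.WestEurope",
     "properties": {"region": "westeurope", "systemService": "AzureAppService",
                    "addressPrefixes": ["198.51.100.64/27"]}}
  ]
}
""")

def match_service_tags(ip, tags):
    """Return every service tag whose prefix contains ip, most specific first."""
    addr = ipaddress.ip_address(ip)
    hits = []
    for tag in tags.get("values", []):
        props = tag.get("properties", {})
        for prefix in props.get("addressPrefixes", []):
            net = ipaddress.ip_network(prefix, strict=False)
            if net.version == addr.version and addr in net:
                hits.append({"tag": tag["name"],
                             "region": props.get("region") or None,
                             "service": props.get("systemService") or None,
                             "prefix": str(net), "prefixlen": net.prefixlen})
    return sorted(hits, key=lambda h: h["prefixlen"], reverse=True)

def summarize(ip, tags):
    """One-line triage summary for the alert's source IP."""
    hits = match_service_tags(ip, tags)
    if not hits:
        return f"{ip}: not in any listed Azure prefix"
    best = hits[0]
    return (f"{ip}: {best['tag']} (region={best['region']}, "
            f"service={best['service']}, prefix={best['prefix']})")

if __name__ == "__main__":
    # Constructed source IPs standing in for the alert's entities
    for ip in ("198.51.100.70", "203.0.113.9", "192.0.2.1"):
        print(summarize(ip, SAMPLE_SERVICE_TAGS))
```

A match only shows that the address belongs to Azure address space, which also covers customer-run VMs, so it narrows the datacenter region but does not by itself identify who operated the scanner.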