Forum Discussion
msmotto21
May 27, 2021 Copper Contributor
Network mapping reconnaissance (DNS)
Hi everybody, I get a warning in MCAS "Network mapping reconnaissance (DNS)" because of my Vulnerability Scanner. I want to get notified like in every alert rule in MCAS. But I can't find where I...
Joe Stocker
May 29, 2021 Bronze Contributor
That specific alert is actually coming from Microsoft Defender for Identity product. MCAS is just showing you the alerts from MDI. To configure MDI to send you email alerts for the DNS recons, browse to MDI here: http://portal.atp.azure.com/
In the Defender for Identity portal, select the settings option on the toolbar and select Configuration. Click Notifications. Under Mail notifications, add email addresses for the notifications you want to receive - they can be sent for new alerts
See documentation here: https://docs.microsoft.com/en-us/defender-for-identity/notifications#:~:text=In%20the%20Defender%20for%20Identity,activities)%20and%20new%20health%20issues.
- msmotto21
May 30, 2021 Copper Contributor
Hi Joe, thank you very much for your reply. I almost thought so. I have already found and configured the notification function in Defender for Identity (ATP portal). Is there a way to query and specifically filter the data from Defender for Identity in Azure Sentinel (Log Analytics)? It would be nice to push the data into a MS Teams SOC Channel.
Thank you very much.
Regards Sebastian
- Joe Stocker
May 30, 2021 Bronze Contributor
"Is there a way to query and specifically filter the data from Defender for Identity in Azure Sentinel (Log Analytics)?"
Yes this is available now, per this article: https://docs.microsoft.com/en-us/azure/sentinel/connect-azure-atp