Forum Discussion
adiii
Jan 10, 2024Brass Contributor
What is "Microsoft SharePoint Online and OneDrive for Business Infra Endpoints" in Cloud Apps
Hi all! I have a Cloud Apps "Cloud Discovery anomaly detection policy" active, which alerts when Data exfiltration to an app that is not sanctioned. This helps me understand, when a user tries to...
BarryGoblon
Feb 15, 2024Iron Contributor
adiii Adii, the “Infra Endpoints” app covers networking architecture that enables large OneDrive/SharePoint transfers behind the scenes. So big uploads can trigger alerts there instead of the SharePoint/OneDrive apps, diminishing visibility for incident response.
I agree having distinct front-end and back-end apps fragments visibility in a way that hinders monitoring. Please provide that feedback to Microsoft. In the meantime, engage me when Infra Endpoint alerts occur and I can help investigate details through other audit logs. But consolidating apps would help address this responder blind spot.
GI472
Mar 07, 2024Brass Contributor
Hi Barry,
I have this exact same problem except my alert only has the IP address on a particular day. We have 7 devices that used that IP address on that day, so I am really struggling to find out who sent what to where and when.
Do you have any idea on how I can find this out? For context, I have really struggled to investigate these alerts if the end user doesn't recognise the activity, so any tips are greatly appreciated!
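The investigation step Barry points at (pivoting from an alert that only carries an IP address and a day into the other audit logs) can be scripted. The following is an added example, not code from this thread or from Microsoft: it takes a newline-delimited export of unified audit log `AuditData` records, keeps only the records from the alerted client IP on the alerted day, and groups them by user, operation and object, then ranks users by upload-type operations so you know whom to ask first. The sample records are constructed for this example; the field names (`CreationTime`, `UserId`, `ClientIP`, `Operation`, `Workload`, `ObjectId`) follow the Microsoft 365 audit schema, and the list of operations treated as uploads is an assumption you should extend for your tenant.

```python
import json
from collections import defaultdict

# Constructed newline-delimited JSON export in the shape of Microsoft 365
# unified audit log AuditData entries. Field names follow the published
# audit schema; every value here is invented for this example.
SAMPLE_EXPORT = """\
{"CreationTime": "2024-03-01T08:12:05", "UserId": "alice@contoso.example", "ClientIP": "203.0.113.10", "Operation": "FileUploaded", "Workload": "OneDrive", "ObjectId": "https://contoso-my.example/personal/alice/Documents/q1-report.xlsx"}
{"CreationTime": "2024-03-01T08:12:09", "UserId": "alice@contoso.example", "ClientIP": "203.0.113.10", "Operation": "FileModified", "Workload": "OneDrive", "ObjectId": "https://contoso-my.example/personal/alice/Documents/q1-report.xlsx"}
{"CreationTime": "2024-03-01T13:40:31", "UserId": "bob@contoso.example", "ClientIP": "203.0.113.10", "Operation": "FileSyncUploadedFull", "Workload": "SharePoint", "ObjectId": "https://contoso.example/sites/finance/Shared Documents/export.zip"}
{"CreationTime": "2024-03-01T13:41:02", "UserId": "bob@contoso.example", "ClientIP": "203.0.113.10", "Operation": "FileUploaded", "Workload": "SharePoint", "ObjectId": "https://contoso.example/sites/finance/Shared Documents/policy.pdf"}
{"CreationTime": "2024-03-01T09:05:17", "UserId": "carol@contoso.example", "ClientIP": "198.51.100.7", "Operation": "FileUploaded", "Workload": "OneDrive", "ObjectId": "https://contoso-my.example/personal/carol/Documents/notes.docx"}
{"CreationTime": "2024-03-02T07:55:44", "UserId": "alice@contoso.example", "ClientIP": "203.0.113.10", "Operation": "FileUploaded", "Workload": "OneDrive", "ObjectId": "https://contoso-my.example/personal/alice/Documents/q2-plan.pptx"}
"""

# Assumption: which operations count as "sending data out"; extend as needed.
UPLOAD_OPERATIONS = ("FileUploaded", "FileSyncUploadedFull")


def parse_audit_export(text):
    """Parse newline-delimited AuditData JSON, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def pivot_ip_day(records, client_ip, day):
    """Group activity seen from client_ip on day (YYYY-MM-DD) by user.

    Returns {user: {"operations": {op: count}, "objects": [sorted ObjectIds]}}.
    Records from other IPs or other days are dropped, which is the filter the
    alert itself gives you to work with.
    """
    per_user = defaultdict(lambda: {"operations": defaultdict(int), "objects": set()})
    for r in records:
        if r.get("ClientIP") != client_ip:
            continue
        if not r.get("CreationTime", "").startswith(day):
            continue
        entry = per_user[r.get("UserId", "<unknown>")]
        entry["operations"][r.get("Operation", "<unknown>")] += 1
        entry["objects"].add(r.get("ObjectId", ""))
    return {
        user: {"operations": dict(v["operations"]), "objects": sorted(v["objects"])}
        for user, v in per_user.items()
    }


def rank_by_uploads(summary):
    """Order users by number of upload-type operations, most first."""
    scored = []
    for user, v in summary.items():
        n = sum(c for op, c in v["operations"].items() if op in UPLOAD_OPERATIONS)
        scored.append((user, n))
    return sorted(scored, key=lambda t: (-t[1], t[0]))


if __name__ == "__main__":
    recs = parse_audit_export(SAMPLE_EXPORT)
    summary = pivot_ip_day(recs, "203.0.113.10", "2024-03-01")
    for user, n in rank_by_uploads(summary):
        print(f"{user}: {n} upload operation(s)")
        for op, count in summary[user]["operations"].items():
            print(f"  {op}: {count}")
        for obj in summary[user]["objects"]:
            print(f"  object: {obj}")
```

For real input, the records would come from the Exchange Online PowerShell cmdlet `Search-UnifiedAuditLog` with `-StartDate`, `-EndDate` and `-IPAddresses` set to the alert's day and IP, writing each result's `AuditData` property out one JSON object per line. The script attributes activity to users, not devices; mapping the shared IP back to one of the 7 devices still needs a source that records which device held which address at that time (DHCP, proxy or endpoint logs), which the audit log alone does not provide.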