Forum Discussion

Dean_Gross's avatar
Dean_Gross
Silver Contributor
May 26, 2022
Solved

Investigation Status - Unsupported Alert Type from MDCA

What does in mean when an alert from MDCA shows up as an Unsupported Alert Type 

 

alerts
  • HeikeRitter's avatar
    HeikeRitter
    May 27, 2022
    Hi Dean, this means that our AutoIR can't pick-up the alert to do an automated investigation. For some alerts we don't have a playbook (yet)

6 Replies

  • HeikeRitter's avatar
    HeikeRitter
    Icon for Microsoft rankMicrosoft
    May 27, 2022
    Hi Dean, this means that our AutoIR can't pick-up the alert to do an automated investigation. For some alerts we don't have a playbook (yet)
    • Jason0903's avatar
      Jason0903
      Copper Contributor
      Jan 26, 2023

      Hi, is there any playbook for this yet?
      What does it mean when an alert from MDE shows up as an Unsupported Alert Type

    • john1263's avatar
      john1263
      Copper Contributor
      Aug 16, 2022

      HeikeRitter Hi Ms Ritter 

       

      Silly question.

       

      Does that mean the AutoIR capability works in general but just doesnt work for any IPs indicated in IOCs?

      • HeikeRitter's avatar
        HeikeRitter
        Icon for Microsoft rankMicrosoft
        Aug 16, 2022
        There is no such things as silly questions! 🙂
        No, it means it can't handle certain alert TYPES, but it doesn't mean that it can't investigate and remediate IP related alerts.
    • Dean_Gross's avatar
      Dean_Gross
      Silver Contributor
      May 27, 2022
      thanks, it would be helpful if that was documented somewhere.
      • HeikeRitter's avatar
        HeikeRitter
        Icon for Microsoft rankMicrosoft
        May 27, 2022
        Thanks Dean; I've requested that update to the doc page and it will be added. Thanks again!

Resources