Forum Discussion

Dean_Gross's avatar
Dean_Gross
Silver Contributor
May 26, 2022
Solved

Investigation Status - Unsupported Alert Type from MDCA

What does in mean when an alert from MDCA shows up as an Unsupported Alert Type   
alerts
  • HeikeRitter's avatar
    HeikeRitter
    May 27, 2022
    Hi Dean, this means that our AutoIR can't pick-up the alert to do an automated investigation. For some alerts we don't have a playbook (yet)
HeikeRitter's avatar
HeikeRitter
Icon for Microsoft rankMicrosoft
May 27, 2022
Hi Dean, this means that our AutoIR can't pick-up the alert to do an automated investigation. For some alerts we don't have a playbook (yet)
  • Jason0903's avatar
    Jason0903
    Copper Contributor
    Jan 26, 2023

    Hi, is there any playbook for this yet?
    What does it mean when an alert from MDE shows up as an Unsupported Alert Type

  • john1263's avatar
    john1263
    Copper Contributor
    Aug 16, 2022

    HeikeRitter Hi Ms Ritter 

     

    Silly question.

     

    Does that mean the AutoIR capability works in general but just doesnt work for any IPs indicated in IOCs?

    • HeikeRitter's avatar
      HeikeRitter
      Icon for Microsoft rankMicrosoft
      Aug 16, 2022
      There is no such things as silly questions! 🙂
      No, it means it can't handle certain alert TYPES, but it doesn't mean that it can't investigate and remediate IP related alerts.
  • Dean_Gross's avatar
    Dean_Gross
    Silver Contributor
    May 27, 2022
    thanks, it would be helpful if that was documented somewhere.
    • HeikeRitter's avatar
      HeikeRitter
      Icon for Microsoft rankMicrosoft
      May 27, 2022
      Thanks Dean; I've requested that update to the doc page and it will be added. Thanks again!

Resources