Forum Discussion
Solved
Investigation Status - Unsupported Alert Type from MDCA
What does in mean when an alert from MDCA shows up as an Unsupported Alert Type
- Hi Dean, this means that our AutoIR can't pick-up the alert to do an automated investigation. For some alerts we don't have a playbook (yet)
HeikeRitter Hi Ms Ritter
Silly question.
Does that mean the AutoIR capability works in general but just doesnt work for any IPs indicated in IOCs?
HeikeRitter
Microsoft
MicrosoftThere is no such things as silly questions! 🙂
No, it means it can't handle certain alert TYPES, but it doesn't mean that it can't investigate and remediate IP related alerts.
No, it means it can't handle certain alert TYPES, but it doesn't mean that it can't investigate and remediate IP related alerts.