Ninja Cat Giveaway: Episode 7 | Defender for Identity and Defender for Endpoint: Better to together

An excellent case where information from both tools helped figure out what was going on for me was - MDI had a high severity alert for LDAP enumeration, and after examining the source system in MDE, we were able to identify the activity as bloodhound being run as the last stage of a red team penetration test.