crodriguez1
Jul 01, 2019Brass Contributor
RiskScore The risk score of the user was updated
We started receiving this alert with high severity from the provider Azure Identity Protection (IPC), yet there is no documentation available about this alert, so our customers are asking us, well... basically what the heck this high severity alert is. Can you please provide information about it?
Here's an extract of one of the alerts, with some values hidden:
"azureSubscriptionId": null,
"riskScore": null,
"tags": [],
"activityGroupName": null,
"assignedTo": null,
"category": "RiskScore",
"closedDateTime": null,
"comments": [],
"confidence": null,
"createdDateTime": "2019-06-28T03:18:40Z",
"description": "The risk score of the user was updated",
"detectionIds": [],
"eventDateTime": "2019-06-28T03:18:40Z",
"feedback": null,
"lastModifiedDateTime": "2019-06-29T20:56:53.9713689Z",
"recommendedActions": [],
"severity": "high",
"sourceMaterials": [],
"status": "newAlert",
"title": "RiskScore",
"vendorInformation": {
"provider": "IPC",
"providerVersion": "3.0",
"subProvider": null,
"vendor": "Microsoft"
},
"cloudAppStates": [],
"fileStates": [],
"hostStates": [],
"historyStates": [],
"malwareStates": [],
"networkConnections": [],
"processes": [],
"registryKeyStates": [],
"triggers": [],
"userStates": [
{
"aadUserId": "hidden",
"accountName": "hidden",
"domainName": null,
"emailRole": "unknown",
"isVpn": null,
"logonDateTime": null,
"logonId": null,
"logonIp": null,
"logonLocation": null,
"logonType": null,
"onPremisesSecurityIdentifier": null,
"riskScore": "0",
"userAccountType": null,
"userPrincipalName": "hidden"
}
],
"vulnerabilityStates": []