Event banner

Microsoft Defender for Identity AMA

Event Ended
Wednesday, Jun 29, 2022, 09:00 AM PDT
In-Person

Event details

We are very excited to announce our Microsoft Defender for Identity AMA!   An AMA is a live text-based online event similar to a “YamJam” on Yammer or an “Ask Me Anything” on Reddit. This AMA giv...
Trevor_Rusher
Updated Jun 29, 2022
microsoft defender for identity
Arjan van Veen's avatar
Arjan van Veen
Copper Contributor
Jun 29, 2022
We see a lot of alerts with an actor......how can we figured out who or what is the actor.....shouldn't be there something like entity mapping f.e user, host or IP
  • LiorShapira's avatar
    LiorShapira
    Icon for Microsoft rankMicrosoft
    Jun 29, 2022
    Some of the network-based alerts don’t provide us with the actor because they only contain the IP from where the traffic was coming from but not the user. We are looking at ways to correlate events on the DC, but this doesn’t always present. If you have MDE, you can try using advanced hunting to correlate the endpoint data. In addition, you can investigate on the device page and make the correlation.
Date and Time
Jun 29, 20229:00 AM - 10:00 AM PDT