SOLVED

Azure ATP and Defender ATP integration

Highlighted
Occasional Contributor

Hi,

 

I noticed an issue related to Azure and Defender ATP integration.

The problem is that Defender ATP displays identities in logon format domain\identity, while Azure ATP display the SAM Acc name

Usecase:

You have an alert raised in Defender ATP.

You logon to defender ATP cosole,

Defender queries the identity in Azure with logon name  (domain\username) and returns no result.

However, if you search for logon name in Azure ATP, no results are returned. You need to enter only the sam account name for Azure ATP console to return results.

Because of this issue, the integration between products gives limited visibility.

2 Replies
Highlighted

Hi @mcliviu ,

 

Thank you for sharing with us this feedback!

Will take it with you offline to better understand the scenario.

 

Thanks,

Tali

Highlighted
Best Response confirmed by mcliviu (Occasional Contributor)
Solution

Would like to update we fixed this issue.

If inn the future you are seeing such miss-correlation, please update us.

 

Thanks!

Tali