Investigation Status - Unsupported Alert Type from MDCA

Dean Gross · ‎May 26 2022

What does in mean when an alert from MDCA shows up as an Unsupported Alert Type

VI_Migration · ‎May 26 2022

Hi Dean, this means that our AutoIR can't pick-up the alert to do an automated investigation. For some alerts we don't have a playbook (yet)

Dean Gross · ‎May 27 2022

thanks, it would be helpful if that was documented somewhere.

Heike Ritter · ‎May 27 2022

Thanks Dean; I've requested that update to the doc page and it will be added. Thanks again!

john1263 · ‎Aug 16 2022

@Heike Ritter Hi Ms Ritter

Silly question.

Does that mean the AutoIR capability works in general but just doesnt work for any IPs indicated in IOCs?

Heike Ritter · ‎Aug 16 2022

There is no such things as silly questions! :)
No, it means it can't handle certain alert TYPES, but it doesn't mean that it can't investigate and remediate IP related alerts.

Jason0903 · ‎Jan 26 2023

Hi, is there any playbook for this yet?
What does it mean when an alert from MDE shows up as an Unsupported Alert Type

VI_Migration · ‎May 26 2022

Hi Dean, this means that our AutoIR can't pick-up the alert to do an automated investigation. For some alerts we don't have a playbook (yet)

View solution in original post

Investigation Status - Unsupported Alert Type from MDCA

Investigation Status - Unsupported Alert Type from MDCA

Re: Investigation Status - Unsupported Alert Type from MDCA

Re: Investigation Status - Unsupported Alert Type from MDCA

Re: Investigation Status - Unsupported Alert Type from MDCA

Re: Investigation Status - Unsupported Alert Type from MDCA

Re: Investigation Status - Unsupported Alert Type from MDCA

Re: Investigation Status - Unsupported Alert Type from MDCA

Re: Investigation Status - Unsupported Alert Type from MDCA

Products (50)

Special Topics (27)

Video Hub (462)

Most Active Hubs

Most Active Hubs

Video Hub

Investigation Status - Unsupported Alert Type from MDCA