cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

Network mapping reconnaissance (DNS)

msmotto21
Copper Contributor

‎May 27 2021 05:18 AM

‎May 27 2021 05:18 AM

Network mapping reconnaissance (DNS)

Hi everybody, 

i get an warning in MCAS "Network mapping reconnaissance (DNS)" because of my Vulnerability Scanner. I wan't to get notified like in every alert rule in MCAS. But i can't find where i can edit the default behavior anomalie policy. How can i get notified when this warning accours? 

Thanks

Regards

Sebastian

Labels:
2,102 Views
0 Likes
3 Replies
Reply
3 Replies
Joe Stocker

‎May 29 2021 11:24 PM

‎May 29 2021 11:24 PM

Re: Network mapping reconnaissance (DNS)

That specific alert is actually coming from Microsoft Defender for Identity product. MCAS is just showing you the alerts from MDI. To configure MDI to send you email alerts for the DNS recons, browse to MDI here: http://portal.atp.azure.com/
In the Defender for Identity portal, select the settings option on the toolbar and select Configuration. Click Notifications. Under Mail notifications, add email addresses for the notifications you want to receive - they can be sent for new alerts

See documentation here: https://docs.microsoft.com/en-us/defender-for-identity/notifications#:~:text=In%20the%20Defender%20f....
0 Likes
Reply
msmotto21

‎May 30 2021 12:34 PM

‎May 30 2021 12:34 PM

Re: Network mapping reconnaissance (DNS)

Hi Joe, thank you very much for your reply. I almost thought so. I have already found and configured the notification function in Defender for Identity (ATP portal). Is there a way to query and specifically filter the data from Defender for Identity in Azure Sentinel (LogAnalythic)? It would be nice to push the data into a MS Teams SOC Channel.

Thank you very much.

Regards Sebastian
0 Likes
Reply
best response confirmed by msmotto21 (Copper Contributor)
Joe Stocker

‎May 30 2021 04:51 PM

‎May 30 2021 04:51 PM

Solution

Re: Network mapping reconnaissance (DNS)

"Is there a way to query and specifically filter the data from Defender for Identity in Azure Sentinel (LogAnalythic)?"
Yes this is available now, per this article: https://docs.microsoft.com/en-us/azure/sentinel/connect-azure-atp
0 Likes
Reply
1 best response

Accepted Solutions
best response confirmed by msmotto21 (Copper Contributor)
Joe Stocker

‎May 30 2021 04:51 PM

‎May 30 2021 04:51 PM

Solution

Re: Network mapping reconnaissance (DNS)

"Is there a way to query and specifically filter the data from Defender for Identity in Azure Sentinel (LogAnalythic)?"
Yes this is available now, per this article: https://docs.microsoft.com/en-us/azure/sentinel/connect-azure-atp

View solution in original post

0 Likes
Reply