Oct 29 2019 02:32 PM
Dear community members,
we're using Microsoft Defender ATP to collect machine data in the Cloud Discovery dashboard of Microsoft Cloud App Security. Does anyone know how accurate the upload traffic is within the discovered apps overview? Below are some details:
- User uploads 2 files to WeTransfer on endpoint level, which is onboarded into MDATP;
- User is not behind a proxy;
- Last data received field from MDATP is updated;
- Cloud Discovery doesn't show any upload traffic and no updates in the WeTransfer statistics.
I'm very curious how this works.
Kind regards,
Bram
Nov 04 2019 12:47 AM
Dec 03 2019 01:18 PM - edited Dec 03 2019 01:18 PM
@Danny Kadyshevitch
Hi Danny,
thanks for answering, sorry for my late response, I didn't notice the alert for a new answer. So we used a file of 1 GB and later a file of 512 MB to upload to WeTransfer. Later on we downloaded both files by using the MDATP-connected W10 device and the logged-on corporate user account, so we were sure that the traffic details would be collected by MDATP/MCAS. The upload and download details are not updated in MCAS. The specific user is not behind a proxy.
Kind regards,
Bram
Jan 12 2020 01:24 AM
Hi @Bram_InSpark.
While investigating this, I would be happy to know if you got to check in the MDATP portal whether there was any traffic going to wetransfer.com captured in the machine's timeline?
Thanks.