msmotto21
Copper Contributor
May 27, 2021
Solved

Network mapping reconnaissance (DNS)

Hi everybody, 

I get a warning in MCAS, "Network mapping reconnaissance (DNS)", because of my vulnerability scanner. I want to get notified like in every alert rule in MCAS. But I can't find where I can edit the default behavior anomaly policy. How can I get notified when this warning occurs?

Thanks

Regards

Sebastian

3 Replies

  • Joe Stocker
    Bronze Contributor
    That specific alert is actually coming from the Microsoft Defender for Identity product. MCAS is just showing you the alerts from MDI. To configure MDI to send you email alerts for the DNS recons, browse to MDI here: http://portal.atp.azure.com/
    In the Defender for Identity portal, select the settings option on the toolbar and select Configuration. Click Notifications. Under Mail notifications, add email addresses for the notifications you want to receive - they can be sent for new alerts

    See documentation here: https://docs.microsoft.com/en-us/defender-for-identity/notifications#:~:text=In%20the%20Defender%20for%20Identity,activities)%20and%20new%20health%20issues.
    • msmotto21
      Copper Contributor
      Hi Joe, thank you very much for your reply. I almost thought so. I have already found and configured the notification function in Defender for Identity (ATP portal). Is there a way to query and specifically filter the data from Defender for Identity in Azure Sentinel (Log Analytics)? It would be nice to push the data into an MS Teams SOC channel.

      Thank you very much.

      Regards Sebastian
      • Joe Stocker
        Bronze Contributor
        "Is there a way to query and specifically filter the data from Defender for Identity in Azure Sentinel (Log Analytics)?"
        Yes, this is available now, per this article: https://docs.microsoft.com/en-us/azure/sentinel/connect-azure-atp