Azure ATP advanced hunting features (MTP) are now in public preview

Microsoft

As recently announced by MTP, we are happy to share that Azure ATP and Cloud App Security data is now available in MTP’s advanced hunting feature through 3 new tables: IdentityQueryEvents, IdentityLogonEvents and AppFileEvents.

Hunting over identity and application activities augments our existing investments in improving MTP capabilities, such as incident correlation and automatic incident response, with Azure ATP and Cloud App Security capabilities.

But this is just the beginning -- we are working hard on adding more activities to advanced hunting, as well as exposing additional user information to enable even more powerful queries. Stay tuned!

You can read the announcement here.
