Forum Discussion

mcliviu's avatar
mcliviu
Copper Contributor
Jul 12, 2019
Solved

Azure ATP and Defender ATP integration

Hi,

 

I noticed an issue related to Azure and Defender ATP integration.

The problem is that Defender ATP displays identities in logon format domain\identity, while Azure ATP display the SAM Acc name

Usecase:

You have an alert raised in Defender ATP.

You logon to defender ATP cosole,

Defender queries the identity in Azure with logon name  (domain\username) and returns no result.

However, if you search for logon name in Azure ATP, no results are returned. You need to enter only the sam account name for Azure ATP console to return results.

Because of this issue, the integration between products gives limited visibility.

  • Tali Ash's avatar
    Tali Ash
    Jul 29, 2019

    Would like to update we fixed this issue.

    If inn the future you are seeing such miss-correlation, please update us.

     

    Thanks!

    Tali

2 Replies

  • Tali Ash's avatar
    Tali Ash
    Former Employee
    Jul 14, 2019

    Hi mcliviu ,

     

    Thank you for sharing with us this feedback!

    Will take it with you offline to better understand the scenario.

     

    Thanks,

    Tali

    • Tali Ash's avatar
      Tali Ash
      Former Employee
      Jul 29, 2019

      Would like to update we fixed this issue.

      If inn the future you are seeing such miss-correlation, please update us.

       

      Thanks!

      Tali

Resources