SOLVED

Azure ATP and Defender ATP integration

Copper Contributor

Hi,

 

I noticed an issue related to Azure and Defender ATP integration.

The problem is that Defender ATP displays identities in logon format domain\identity, while Azure ATP display the SAM Acc name

Usecase:

You have an alert raised in Defender ATP.

You logon to defender ATP cosole,

Defender queries the identity in Azure with logon name  (domain\username) and returns no result.

However, if you search for logon name in Azure ATP, no results are returned. You need to enter only the sam account name for Azure ATP console to return results.

Because of this issue, the integration between products gives limited visibility.

2 Replies

Hi @mcliviu ,

 

Thank you for sharing with us this feedback!

Will take it with you offline to better understand the scenario.

 

Thanks,

Tali

best response confirmed by mcliviu (Copper Contributor)
Solution

Would like to update we fixed this issue.

If inn the future you are seeing such miss-correlation, please update us.

 

Thanks!

Tali

1 best response

Accepted Solutions
best response confirmed by mcliviu (Copper Contributor)
Solution

Would like to update we fixed this issue.

If inn the future you are seeing such miss-correlation, please update us.

 

Thanks!

Tali

View solution in original post