Jul 12 2019 05:46 AM
Hi,
I noticed an issue related to Azure and Defender ATP integration.
The problem is that Defender ATP displays identities in logon format domain\identity, while Azure ATP display the SAM Acc name
Usecase:
You have an alert raised in Defender ATP.
You logon to defender ATP cosole,
Defender queries the identity in Azure with logon name (domain\username) and returns no result.
However, if you search for logon name in Azure ATP, no results are returned. You need to enter only the sam account name for Azure ATP console to return results.
Because of this issue, the integration between products gives limited visibility.
Jul 14 2019 02:45 AM
Hi @mcliviu ,
Thank you for sharing with us this feedback!
Will take it with you offline to better understand the scenario.
Thanks,
Tali
Jul 29 2019 05:32 AM
SolutionWould like to update we fixed this issue.
If inn the future you are seeing such miss-correlation, please update us.
Thanks!
Tali
Jul 29 2019 05:32 AM
SolutionWould like to update we fixed this issue.
If inn the future you are seeing such miss-correlation, please update us.
Thanks!
Tali