Forum Discussion
Diffrent results in Defender Activity Log and Advanced Hunting
Hello there,
we have Defender Identity Sensors running on our Domain Controllers. When I query login results by using Activity Log and Advanced Hunting, i get diffrent result. The device ist our ADFS server.
What am i missing here?
thank you
martin
- Our team is aware of a delay in sending alerts and activities to the M365D portal. It's supposed to be resolved as soon as possible. If you continue to have issues in the next week, please contact me (t-lshapira@microsoft.com).
- LiorShapira
Microsoft
NinjaKittyCan you please let me know which 5 activity types are selected in the Activity log filter?
In addition, at what time did the first activity the Activity log occur? (Maybe there's a delay issue that I would like to check).
Feel free to so send me an email: t-lshapira@microsoft.com
Thanks,
Lior (Product manager in MDI team)LiorShapira Screenshots were taken last friday. I added 3 days since its monday now.
Interestingly, the advanced hunting results have changed. Now there are entries from november 25. which were not visible last friday. But the numbers still don't compare. 136 to 147
Could that be a delay in transfer to the advanced hunting database? Some entries are still missing
- LiorShapira
NinjaKitty Please try to make a change in AH query (#5 row) - replace "LogonType" with
"ActionType", so the "LDAP" will be included too.
