You asked, we listened!

In an effort to improve and enhance your experience using Azure ATP, we’re renaming all Security Alerts with easier to understand titles and descriptions.

Effective 4 versions from now (v2.56) planned for release 25-27 November, all Azure ATP Security Alert names will be changed throughout the portal, syslogs and reports. Bellow you can find some examples.

Please contact me if you would like to get more information.

As always, we welcome your feedback, suggestions and ideas about how to improve your Azure ATP experience.

Thanks,

Azure ATP Product Team

Examples:

 Reconnaissance using SMB Session Enumeration -> User and IP address reconnaissance (SMB)

Reconnaissance using directory services queries -> User and group membership reconnaissance (SAMR)

Unusual protocol implementation (potential WannaCry ransomware attack) -> Suspected WannaCry ransomware attack

Encryption downgrade activity (potential skeleton key attack) -> Suspected skeleton key attack (encryption downgrade)