Skipster311-1
Iron Contributor
Jul 20, 2021

Security principal reconnaissance (LDAP) alert

I received this alert 2 hours after the alert was first seen. Why did it take two hours to send an alert?

4 Replies

  • Some detectors will hold back the info, trying to collect more information before deciding if it's a false positive and should be ignored or not. Also, at times there could be ingestion delays.
    It's hard to tell for sure without checking each individual case as well.
    Do you see any delays in any logical activities reported in the profile for an active entity?
    Can you share the workspace ID?
    • Skipster311-1
      Iron Contributor
      Sorry, very new to Defender for Identity. Where can I find the workspace ID?
      • EliOfek
        Microsoft
        Press the ? button on the top right toolbar on the native MDI portal. It will pop up a window with some tech details.
