
AttackTechniques missing in AlertInfo?


Does anyone know if it's normal behavior that AttackTechniques is missing from AlertInfo, or is it some kind of bug?

[Image: Slawomir_Smolarczyk_0-1706528858550.png]

[Image: Slawomir_Smolarczyk_1-1706528881661.png]

According to AlertInfo table in the advanced hunting schema | Microsoft Learn

"AttackTechniques: MITRE ATT&CK techniques associated with the activity that triggered the alert"

(I guess from here MITRE ATT&CK®)

Will AttackTechniques in AlertInfo always match the same in AlertEvidence, and can the empty field in the example above simply be ignored?

0 Replies