Aug 09 2019 01:56 AM - last edited on Nov 30 2021 10:05 AM by TechCommunityAP
I have successfully installed the sensor on the DC, as the portal shows the number of LDAP objects registered in the DC.
However, I am not seeing any activities for either the devices or the users that conducted the following reconnaissance playbooks in the test.
https://docs.microsoft.com/en-us/azure-advanced-threat-protection/atp-playbook-reconnaissance
The strange thing is that the DC with the sensor installed is showing some DNS-related activities, and the device is also showing some activities, but none of them are related to the reconnaissance playbook.
Any help is appreciated. Thanks in advance.
Aug 11 2019 05:48 AM
Solution
Hi @Kengo Suzuki,
Is it the only DC in the env? If there are more DCs, maybe the traffic went to them and not to the one with the Sensor.
Do you have any health alerts?
Thanks,
Tali
Aug 13 2019 03:48 AM
Hi @Tali Ash
Thanks for your response.
> Is it the only DC in the env? If there are more DCs, maybe the traffic went to them and not to the one with the Sensor.
OK, I will try installing another sensor on another DC.
> Do you have any health alerts?
Yes, I have some alerts which could impact the following settings.
https://docs.microsoft.com/en-us/azure-advanced-threat-protection/atp-nnr-policy
However, as shown in the attachment, the name is being resolved without a problem on the machine where I had an issue detecting the problem.
Again, I might try installing the sensor on another DC for now.
Aug 14 2019 05:27 AM