User Profile
MattBurrows
Brass Contributor
Joined 5 years ago
User Widgets
Recent Discussions
New Device Health Reporting showing incorrect status
Hi, Just been looking into the new reporting and ive come across the below: On the new AV health reports, it shows in the "Antivirus Mode" that I have a bunch of Devices that are in "Other Modes". when you run get-mpcomputerstatus, on the devices in question, everything is up to date, and matches that of a device that is in "Active" Mode. When you check on the Defender portal, on the device itself, in the new section "Device health Status" everything is unknown and the AV mode is "Other" along with the Title "Defender Antivirus Not active", which I can confirm it is active and updated. The Devices are able to communicate out to Defender so its not a networking issue, so im a little lost why some I'm getting irregular reporting Has anyone noticed the same thing from their side?Limitations with Watchlists in logic apps
Has anyone tried using the action within Logic Apps " Watchlist - Get all watchlist items for a giver watchlist" and come across the below issue? Currently I have a Watchlist with around 500 entries, when I try and get all the results, it will only pick the first 100 from the Watchlist. Assuming there is a limitation that only gets the first 100, does anyone know how to increase this?630Views0likes0CommentsAPI GET for Defender TVM
Hi Guys, I am running GET on "https://api-eu.securitycenter.windows.com/api/vulnerabilities"to pull all my vulnerabilities. What I am noticing is there is a lot of results with Exposed Machines that equal 0, while I only want to show Vulns that is equal to or greater than 1 (so shows all vulns on any of my machines). In theory I should be able to do this via the below ("ge" = ">=") https://api-eu.securitycenter.windows.com/api/vulnerabilities?$filter=exposedMachines ge 1 But I am getting the below error: "error":{ "code":"BadRequest", "message":"Filterparameterisinvalid", I have tried various other ways that is mentioned online but nothing seems to work. No doubt its something so simple. Cheers.2.9KViews1like2CommentsUnknown User!
Hi Everyone, A bit of a strange one, had a user who requested a colleague to join a team. The owner who approves members has reported that a request came in for both The User and an Unknown User at the same time. Has anyone seen anything similar? Apparently its not the first time this has happened! Cheers.1.4KViews0likes1CommentUnfamiliar sign-in properties, alert flagged in AAD Identity protection but not MCAS?
Hi Guys, First time post so apologies if anything is in correct with the below. I have an alert being picked up in AAD IP for a Risky Sign-in under the detection type, Unfamiliar Sign-in Properties. Usually i would see the same alert being triggered in MCAS but for what ever reason the alert hasn't been triggered. Has anyone seen anything similar before, or know why it wouldn't flag in MCAS but its does in AAD IP? Had this occur a few times now. AAD IP triggered this alert at 2/26 7:22AM but in MCAS the first activity from this user was 2/26 7:50AMSolved
Groups
Recent Blog Articles
No content to show