1,295 questions
Two Microsoft Defender for Identity Alerts Missing Content
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Anonymous
Hello,
Two Defender for Identity alerts that we get regularly come in with almost no information. We believe there is something wrong with the sensor but don't have visibility on it.
- Account enumeration reconnaissance (on one endpoint)
- remote code execution (on one endpoint)
Does anyone know what needs to be tweaked in order to enrich these alerts? It's been quite challenging to address them. Thank you!
Microsoft Security | Microsoft Sentinel
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 81%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMT%3C/text%3E%3C/svg%3E)
Marilee Turscak-MSFT 37,206 Reputation points Microsoft Employee Moderator2022-06-08T23:25:45.303+00:00 Which details are you hoping to surface? If the connection was attempted via RDP an IP address would not be found in this case.
If you think there is something wrong with the Connector Health you could do a health check to confirm.
You can also create a rule to see custom details.
Sign in to comment
Sign in to answer