Expected Log Sample

JSON

{"id": "add7484c3bc9f53d263ac73ssasda79825d8b795de","providerAlertId": "5f2870c74d1fa74439abf65b711115dbsasadaswb896cd6f1e1c77d32c4efe0599eb","incidentId": "239","status": "resolved","severity": "medium","classification": "truePositive","determination": "unwantedSoftware","serviceSource": "azureAdIdentityProtection","detectionSource": "azureAdIdentityProtection","productName": "AAD Identity Protection","detectorId": "AnonymousLogin","tenantId": "ab43a2ad-7033-4759-80f3-617a75432177","title": "Anonymous IP address","description": "Sign-in from an anonymous IP address (e.g. Tor browser, anonymizer VPNs)","recommendedActions": "","category": "InitialAccess","assignedTo": "[email protected]","alertWebUrl": "https://security.microsoft.com/alerts/add7484c3bc9f5aa63a2131231231c73a79825d8b795de?tid=ab43a2ad-7033-4759-80f3-123hjk12h31","incidentWebUrl": "https://security.microsoft.com/incidents/239?tid=ab43a2ad-7033-4759-80f3-12312uioujhkl1","actorDisplayName": null,"threatDisplayName": null,"threatFamilyName": null,"mitreTechniques": [],"createdDateTime": "2024-03-13T09:39:25.9533333Z","lastUpdateDateTime": "2024-03-20T05:53:52.1666667Z","resolvedDateTime": "2024-03-20T05:52:47.4466667Z","firstActivityDateTime": "2024-03-13T09:31:02.809426Z","lastActivityDateTime": "2024-03-13T09:31:02.809426Z","systemTags": [],"alertPolicyId": null,"additionalData": null,"comments": [],"evidence": [{"@odata.type": "#microsoft.graph.security.userEvidence","createdDateTime": "2024-03-13T09:39:26.0666667Z","verdict": "unknown","remediationStatus": "none","remediationStatusDetails": null,"roles": [],"detailedRoles": [],"tags": [],"stream": null,"userAccount": {"accountName": "JhonDoe","domainName": "terracottaarmy","userSid": "S-1-5-21-583709415-4138634449-979950088-1115","azureAdUserId": "74454f19-07c0-4881-bd6b-f0c07614ebdb","userPrincipalName": "[email protected]","displayName": "Jhon Doe"}},{"@odata.type": "#microsoft.graph.security.ipEvidence","createdDateTime": 
"2024-03-13T09:39:26.0666667Z","verdict": "suspicious","remediationStatus": "none","remediationStatusDetails": null,"roles": [],"detailedRoles": [],"tags": [],"ipAddress": "1234:4578:30:f4ae:8f7b:cc6e:d1d7:d345","countryLetterCode": "US","stream": null}]}
