- What is an anonymous IP address involving one user?
- What is suspicious impersonated activity?
- What is MCAS activity from suspicious IP addresses?
What is an anonymous IP address involving one user?
Example 1 – Anonymous IP address involving one user
Anonymous IP addresses are typically used by actors who want to hide their sign-in information (IP address, location, device, and so on), potentially with malicious intent. IPC pushes all alerts to Microsoft Security Graph, which has two (2) versions: v1.0 and beta.
What is suspicious impersonated activity?
Unusual impersonated activity (by user)
This activity is commonly used by attackers to create phishing emails in an attempt to extract information about your organization.
What is MCAS activity from suspicious IP addresses?
Activity from suspicious IP addresses
This detection identifies that users were active from an IP address identified as risky by Microsoft Threat Intelligence. These IP addresses are involved in malicious activities, such as password spray and botnet C&C, and may indicate a compromised account.