Findings
Generator
Configuration
Lucidum Reverse
Architecture
Statistics
← All Findings
Vendor:
Microsoft Defender for Endpoint
FIN-242
Weight:
5
4
3
2
1
Confidence:
High
Medium
Low
Edited:
2026-02-20 13:25
Verified
What It Detects
This device has not reported to Microsoft Defender for Endpoint in over 30 days. The lastSeen timestamp indicates the device has stopped sending telemetry for an extended period, which may indicate the device is decommissioned, offline, or has had its sensor tampered with.
MITRE ATT&CK Techniques
Comma-separated, e.g. T1078, T1190
Checks
read-only
Field
Operator
Value
lastSeen
older_than_days
30
Remediation
×
×
×
×
+ Add item
Why It Matters
×
×
×
+ Add item
Save Changes
Export Lucidum