Hi,
I have a requirement to monitor any eDiscovery/Content search that has been done by Admins through Sentinel.
I'd appreciate it if anyone can share a KQL query or propose a way to achieve this through Sentinel.
Thanks,
Dilan
Hi,
please check following MS article:
https://docs.microsoft.com/en-us/answers/questions/470633/moniotr-content-search-using-sentinel.html
Unfortunately I was not able to find these in the OfficeActivity log (in particular I checked for the SearchExportDownloaded event); as a workaround you could set up an MCAS/OCAS alert and monitor these alerts in Sentinel.
Martin
The link will again redirect to this question. If you mean a different link, I'd appreciate it if you can mention it again.
Sorry I definitely meant another one :)
https://docs.microsoft.com/en-us/microsoft-365/compliance/search-for-ediscovery-activities-in-the-audit-log?view=o365-worldwide
Martin
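As an added example (not from the thread or from Microsoft's documentation), this is the shape of KQL one would run against the OfficeActivity table once the eDiscovery audit events are ingested: it groups the activity per acting account and search object so an analytics rule can fire on it. The RecordType value "Discovery" and the operation names other than SearchExportDownloaded are assumptions taken from the Office 365 audit-log record types and the eDiscovery activities listed in the linked article.

```kql
// Added example, not code from the thread: surface eDiscovery / Content search
// activity in Sentinel. Assumes the events land in OfficeActivity with
// RecordType "Discovery" and the operation names below (SearchExportDownloaded
// is the one Martin looked for; the others are assumed from the linked article).
let lookback = 1d;
let ediscoveryOps = dynamic([
    "SearchCreated",            // a new content search was defined
    "SearchStarted",            // a search was run
    "SearchExportDownloaded",   // results were exported and downloaded (highest impact)
    "CaseAdded"                 // an eDiscovery case was created
]);
OfficeActivity
| where TimeGenerated > ago(lookback)
// match either on the record type or on the specific operations, in case
// the connector populates only one of them
| where RecordType == "Discovery" or Operation in~ (ediscoveryOps)
| extend Actor = tolower(UserId)
| summarize
    EventCount = count(),
    Operations = make_set(Operation),
    SourceIPs  = make_set(ClientIP),
    FirstSeen  = min(TimeGenerated),
    LastSeen   = max(TimeGenerated)
    by Actor, OfficeObjectId
// exports are the action worth paging on; keep the rest for hunting
| extend ExportSeen = Operations has "SearchExportDownloaded"
| order by ExportSeen desc, LastSeen desc
```

If the query returns nothing while searches are known to have run, the events are not reaching OfficeActivity at all (which matches what Martin observed), and the alternative he gives, an MCAS/OCAS alert forwarded into Sentinel, is the route to take rather than tuning this query.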