Monitor Content Search using Sentinel

Dilan Nanayakkara 1,111 Reputation points
2021-07-10T16:25:25.717+00:00

Hi,

I have a requirement to monitor any eDiscovery/Content Search that has been done by admins, through Sentinel.

I'd appreciate it if anyone could share a KQL query or propose a way to achieve this through Sentinel.

Thanks,
Dilan


Accepted answer
Martin Rublik 316 Reputation points
2021-07-12T07:45:24.267+00:00

Hi,

please check the following MS article:
https://learn.microsoft.com/en-us/answers/questions/470633/moniotr-content-search-using-sentinel.html

Unfortunately I was not able to find these in the OfficeActivity log (in particular I checked for the SearchExportDownloaded event); as a workaround you could set up an MCAS/OCAS alert and monitor these alerts in Sentinel.

Martin
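A KQL query of the kind Dilan asked for, added here as an example and not part of the thread. It assumes the eDiscovery audit records Microsoft documents (the SearchCreated/SearchExportDownloaded family, RecordType "Discovery") are ingested into OfficeActivity, which Martin notes he could not confirm in his tenant, so it also unions in MCAS alerts from SecurityAlert as the workaround he describes; the "eDiscovery"/"Content search" alert-name filter is an assumption about how that MCAS policy was named.

```kql
// Added example: eDiscovery / Content Search activity in Microsoft Sentinel.
// Assumption: the Office 365 connector ingests eDiscovery audit records into
// OfficeActivity (RecordType "Discovery"). If it does not, only the MCAS branch
// below returns rows, which is the workaround suggested in the accepted answer.
let lookback = 7d;
// eDiscovery operation names as documented in Microsoft's audit-log reference.
let eDiscoveryOps = dynamic([
    "SearchCreated", "SearchStarted", "SearchPreviewed",
    "SearchExported", "SearchExportDownloaded", "SearchReportDownloaded",
    "CaseAdded", "HoldCreated"
]);
// Branch 1: native audit records, if present in OfficeActivity.
let auditEvents = OfficeActivity
    | where TimeGenerated > ago(lookback)
    | where RecordType == "Discovery" or Operation in (eDiscoveryOps)
    | extend Source = "OfficeActivity", Actor = UserId,
             Activity = Operation, Details = OfficeObjectId
    | project TimeGenerated, Source, Actor, Activity, Details, ClientIP;
// Branch 2: MCAS alerts (assumed policy name mentions eDiscovery / Content search).
let mcasAlerts = SecurityAlert
    | where TimeGenerated > ago(lookback)
    | where ProviderName == "MCAS"
    | where AlertName has_any ("eDiscovery", "Content search")
    | extend Source = "MCAS", Actor = CompromisedEntity,
             Activity = AlertName, Details = Description, ClientIP = ""
    | project TimeGenerated, Source, Actor, Activity, Details, ClientIP;
// Single timeline of who searched/exported what, from whichever source has it.
union auditEvents, mcasAlerts
| sort by TimeGenerated desc
```

Run it against a known test search first: if the OfficeActivity branch stays empty after a SearchExportDownloaded event, the connector is not ingesting that record type and the MCAS alert remains the practical signal.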

