Forum Discussion
How to identify which user changed alert status in defender for cloud
I want to find out how can identify which user moved the status of a new alert to in-progress or closed
Can we find extract a report
1 Reply
hHelloMax_singh,
here is Ahmed a community visitor π
Let me try to help you π
In Microsoft Defender for Cloud (formerly known as Azure Security Center), you can view the alert history to see who changed the status of an alert. To do this, follow these steps:
- In the Microsoft Defender for Cloud dashboard, navigate to the "Alerts" tab.
- Find the alert that you are interested in and click on its name to open the alert details page.
- Scroll down to the "History" section, and you will see a list of all the actions that have been taken on this alert, including any changes to the alert status.
- Each action in the history list includes a timestamp and the name of the user who performed the action. You can use this information to identify which user changed the alert status.
I hope these Steps are helpful. If you have any other questions or need further assistance, please don't hesitate to tell me so we can scope further together.
Best of the best πAhme:D
