Forum Discussion
Log data for connecting and disconnecting Sentinel Data Connectors
Without physically testing my self the AAD connector, going off the link below I would assume the logs should be in the Azure Activity Table. Ive made changes to the DNS connector recently which involved turning off/on and I could see the events in the logs. Hope this helps.
https://docs.microsoft.com/en-us/azure/sentinel/audit-sentinel-data
MICROSOFT SENTINEL DATA INCLUDED IN AZURE ACTIVITY LOGS
Operation:
DeletedInformation types:
Alert rules
Bookmarks
Data connectors
Incidents
Saved searches
Settings
Threat intelligence reports
Watchlists
Workbooks
WorkflowOperation:
UpdatedInformation types:
Alert rules
Bookmarks
Cases
Data connectors
Incidents
Incident comments
Threat intelligence reports
Workbooks
Workflow
Without physically testing my self the AAD connector, going off the link below I would assume the logs should be in the Azure Activity Table. Ive made changes to the DNS connector recently which involved turning off/on and I could see the events in the logs. Hope this helps.
https://docs.microsoft.com/en-us/azure/sentinel/audit-sentinel-data
MICROSOFT SENTINEL DATA INCLUDED IN AZURE ACTIVITY LOGS
Operation:
Deleted
Information types:
Alert rules
Bookmarks
Data connectors
Incidents
Saved searches
Settings
Threat intelligence reports
Watchlists
Workbooks
Workflow
Operation:
Updated
Information types:
Alert rules
Bookmarks
Cases
Data connectors
Incidents
Incident comments
Threat intelligence reports
Workbooks
Workflow