Forum Discussion
thidalgo
May 02, 2021 · Copper Contributor
Min Diagnostic Event Categories for Azure Sentinel
Hello I've been trying to find some definitive recommendations on what event categories we should send in a diagnostic setting to the analytics workspace that the sentinel will ingest. I'm lookin...
thidalgo
May 08, 2021 · Copper Contributor
Thanks for that. And that table is what had me thinking: administrative events like create, update, delete operations... wouldn't that be interesting information to correlate with security events, if Sentinel allows this kind of correlation?
ibnmbodji
May 09, 2021 · Steel Contributor
Hi
In any case, if you are using Advanced Threat Protection + analytics, abnormal operations (deleting many files in a short time) will be detected as security issues. If you build a good RBAC strategy leveraging least privilege and custom roles if needed, you may have fewer false positives when adding administrative operations, so yes, that makes sense.
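To make the "many deletes in a short time" detection from the reply above concrete, here is an added example (not code from either poster, and not a Microsoft query): a small Python sliding-window detector run over constructed activity-log-style records. The field names (`eventTimestamp`, `caller`, `operationName`, `status`), the sample callers and the thresholds are all assumptions made for the example; in a real workspace the same logic would be expressed as a KQL analytics rule over the administrative events the diagnostic setting forwards.

```python
"""Flag callers who perform a burst of successful delete operations.

Added example: a sliding-window detector over constructed Azure
activity-log-style records. Field names and sample values are assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real tenant data). Shape loosely follows
# Azure activity-log administrative records.
SAMPLE_EVENTS = [
    # alice: six successful container deletes within three minutes, then one failure
    {"eventTimestamp": "2021-05-09T10:00:00Z", "caller": "alice@contoso.example",
     "operationName": "Microsoft.Storage/storageAccounts/blobServices/containers/delete", "status": "Succeeded"},
    {"eventTimestamp": "2021-05-09T10:00:30Z", "caller": "alice@contoso.example",
     "operationName": "Microsoft.Storage/storageAccounts/blobServices/containers/delete", "status": "Succeeded"},
    {"eventTimestamp": "2021-05-09T10:01:00Z", "caller": "alice@contoso.example",
     "operationName": "Microsoft.Storage/storageAccounts/blobServices/containers/delete", "status": "Succeeded"},
    {"eventTimestamp": "2021-05-09T10:01:30Z", "caller": "alice@contoso.example",
     "operationName": "Microsoft.Storage/storageAccounts/blobServices/containers/delete", "status": "Succeeded"},
    {"eventTimestamp": "2021-05-09T10:02:00Z", "caller": "alice@contoso.example",
     "operationName": "Microsoft.Storage/storageAccounts/blobServices/containers/delete", "status": "Succeeded"},
    {"eventTimestamp": "2021-05-09T10:02:30Z", "caller": "alice@contoso.example",
     "operationName": "Microsoft.Storage/storageAccounts/blobServices/containers/delete", "status": "Succeeded"},
    {"eventTimestamp": "2021-05-09T10:03:00Z", "caller": "alice@contoso.example",
     "operationName": "Microsoft.Storage/storageAccounts/blobServices/containers/delete", "status": "Failed"},
    # bob: three deletes spread over an hour (routine cleanup)
    {"eventTimestamp": "2021-05-09T09:00:00Z", "caller": "bob@contoso.example",
     "operationName": "Microsoft.Storage/storageAccounts/delete", "status": "Succeeded"},
    {"eventTimestamp": "2021-05-09T09:30:00Z", "caller": "bob@contoso.example",
     "operationName": "Microsoft.Storage/storageAccounts/delete", "status": "Succeeded"},
    {"eventTimestamp": "2021-05-09T10:00:00Z", "caller": "bob@contoso.example",
     "operationName": "Microsoft.Storage/storageAccounts/delete", "status": "Succeeded"},
    # carol: only write operations, never a delete
    {"eventTimestamp": "2021-05-09T10:00:10Z", "caller": "carol@contoso.example",
     "operationName": "Microsoft.Storage/storageAccounts/write", "status": "Succeeded"},
    {"eventTimestamp": "2021-05-09T10:00:20Z", "caller": "carol@contoso.example",
     "operationName": "Microsoft.Storage/storageAccounts/write", "status": "Succeeded"},
]


def parse_ts(value: str) -> datetime:
    """Parse the ISO-8601 UTC timestamp used in the sample records."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


def is_delete(operation_name: str) -> bool:
    """Azure resource-provider operations end in the action verb, e.g. '.../delete'."""
    return operation_name.lower().endswith("/delete")


def find_delete_bursts(events, threshold=5, window=timedelta(minutes=10)):
    """Return {caller: (burst_start, burst_end, count)} for every caller who
    completed at least `threshold` successful delete operations inside any
    `window`-long interval. Failed attempts and non-delete operations are ignored;
    the largest burst per caller is reported."""
    per_caller = defaultdict(list)
    for event in events:
        if is_delete(event["operationName"]) and event.get("status") == "Succeeded":
            per_caller[event["caller"]].append(parse_ts(event["eventTimestamp"]))

    bursts = {}
    for caller, times in per_caller.items():
        times.sort()
        left = 0  # left edge of the sliding window
        for right, current in enumerate(times):
            # Shrink the window until it spans at most `window`
            while current - times[left] > window:
                left += 1
            count = right - left + 1
            if count >= threshold:
                previous = bursts.get(caller)
                if previous is None or count > previous[2]:
                    bursts[caller] = (times[left], current, count)
    return bursts


if __name__ == "__main__":
    for caller, (start, end, count) in find_delete_bursts(SAMPLE_EVENTS).items():
        print(f"{caller}: {count} deletes between {start:%H:%M:%S} and {end:%H:%M:%S}")
```

With the defaults (5 deletes in 10 minutes) only alice is reported; bob's slow, routine deletes and carol's writes are not. Widening the window to an hour with a threshold of 3 also surfaces bob, which is the kind of tuning, together with the least-privilege role design the reply mentions, that keeps this sort of rule from drowning in false positives.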