Forum Discussion
AndrewX
May 18, 2022, Iron Contributor
SecurityAlert doesn't include important alert details
In the MS 365 Defender, we have an alert generated on "Granted mailbox permission" activity. This event shows up in the SecurityEvent and OfficeActivity tables, over in Log Analytics. In Office...
GaryBushey
May 18, 2022, Bronze Contributor
AndrewX I believe this is the reason the new Microsoft 365 Defender data connector (currently in preview) was created. It will allow you to ingest more information from the various Defender products if you need them.
- AndrewX (May 18, 2022, Iron Contributor): So for now shall we keep using the other portals, where the information is already available?
  I just wish we could create alerts/notifications using playbooks for these events. Looks like I'll have to write a custom Kusto query in LA and create an $1.50 alert based on it for now.
- GaryBushey (May 18, 2022, Bronze Contributor): I'm saying the new data connector will copy the information from Defender and put it into MS Sentinel so you can write the query to return all the data you want in it.
- AndrewX (May 18, 2022, Iron Contributor): Apologies, but I don't see that. The data in the alert is only half of what is in Defender?
  Or are you saying that I get half of the data from the alert, then pivot/join to the OfficeActivity table and get the rest from there?