Forum Discussion
SharePointFileOperation via devices with previously unseen user agents
Christian Bourque As it stands right now, this will be more of a notification that the alert was created in O365. You should go there to get more information on it and perform the investigation.
You can also check the alert that was generated to see if the information is in there and create a Logic App that can do something like add comments to incident with the information you need (although that would need to be started manually)
These alerts are getting better and better as time goes on. It may be worth entering a new request in the Azure Sentinel Customer Feedback for the information you are looking for here: https://feedback.azure.com/forums/920458-azure-sentinel
GaryBusheyand endakelly thanks to both of you for your feedback, it's really appreciated!