Forum Discussion
UnifiedAuditLogs in sentinel
Hello,
Where to find the unifiedauditlog in Sentinel?
Which connector is required for those logs?
BR,
4 Replies
- Clive_Watson (Bronze Contributor)
Do you mean the Unified Log mentioned in regard to Azure Purview?
https://docs.microsoft.com/en-us/microsoft-365/compliance/search-the-audit-log-in-security-and-compliance?view=o365-worldwide
The link above lists the Services (but there isn't a doc that maps them back to Sentinel Tables). I've not used it, but the Insider Risk solution might be a good point to start.
Azure-Sentinel/Solutions/Azure Purview at master · Azure/Azure-Sentinel (github.com)
- Qusai_Ismail (Brass Contributor)
Thank you, that means there are no tables related to those audits in Microsoft Sentinel?
- Clive_Watson (Bronze Contributor)
Correct, as far as I know there isn't a 1:1 mapping; there are multiple tables and connectors needed.
But I haven't looked at the table created by the Insider Risk solution.