Forum Discussion
UnifiedAuditLogs in sentinel
- Aug 30, 2022
Do you mean the Unified Log mentioned in regards to Azure Purview?
https://docs.microsoft.com/en-us/microsoft-365/compliance/search-the-audit-log-in-security-and-compliance?view=o365-worldwide
The link above lists the Services (but there isn't a doc that maps them back to Sentinel Tables). I've not used it but the Insider Risk solution might be a good point to start
Azure-Sentinel/Solutions/Azure Purview at master · Azure/Azure-Sentinel (github.com)
- Qusai_Ismail, Aug 30, 2022, Brass Contributor
Thank you, that means there are no tables related to those audits in Microsoft Sentinel?
- Clive_Watson, Aug 30, 2022, Bronze Contributor
Correct, as far as I know there isn't a 1:1 mapping; there are multiple tables and connectors needed.
But I haven't looked at the table created by the Insider Risk solution.
- Qusai_Ismail, Aug 30, 2022, Brass Contributor
Ah thanks.
My case: there is an incident called "eDiscovery search started or exported" that comes from the vendor "Microsoft Defender for Office 365", and the incident does not have sufficient data, so we are trying to find the related data logs without accessing the "unified audit logs" in Compliance Security.