Apr 27 2020 - last edited on Apr 08 2022
I'm looking to create some kind of report for the AIP scanner as it's scanning share directories. It would be nice to know when it starts to scan a directory and when the scanner has completed the directory. It would be nice to have it include all the directories and then give the status if it has completed scanning.
Is this possible with AIP and log analytics? I have been looking into this and haven't made it too far. Any help would be greatly appreciated.
Apr 27 2020 10:54 AM
I think (and I have very little AIP test data) that you get one row in the logs per activity (or activity_s):

InformationProtectionLogs_CL
| where Activity_s == "Discover"
| project TimeGenerated, ['File Name']=ObjectId_s, DeviceId_s, DeviceRisk_s, Activity_s, UserId_s

Unless the Activity column changes, i.e. newlabel, removelabel, etc.
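
Added example, not part of the original thread or either poster's code: building on the one-row-per-activity observation above, this query groups the "Discover" rows by parent directory to approximate when the scanner first and last touched each one. It assumes `ObjectId_s` holds the full file path; the `QuietThreshold` value and the `Status` wording are hypothetical choices, and the status is inferred from log timing rather than reported by the scanner.

```kusto
// Added example: per-directory scan activity inferred from Discover rows.
// Assumption: ObjectId_s contains the full path of each discovered file.
let QuietThreshold = 30m;   // assumed idle time before a directory is treated as finished
InformationProtectionLogs_CL
| where Activity_s == "Discover"
// Strip the last path component (file name) to get the parent directory.
| extend Directory = extract(@"^(.*)[\\/][^\\/]+$", 1, ObjectId_s)
| where isnotempty(Directory)
| summarize FirstFileSeen   = min(TimeGenerated),
            LastFileSeen    = max(TimeGenerated),
            FilesDiscovered = dcount(ObjectId_s)
          by Directory
// Heuristic only: no new Discover rows for QuietThreshold is read as "done".
| extend Status = iff(LastFileSeen < ago(QuietThreshold),
                      "No recent activity (likely complete)",
                      "Scanning or recently scanned")
| order by FirstFileSeen asc
```

Directories that contain no files produce no Discover rows, so they will not appear in this output.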