MCAS alert ID for Unusual Addition of Credentials to OAuth App

Does anybody know how to identify alerts in Log Analytics that are triggered under the policy "Unusual Addition of Credentials to an OAuth App"? I suspect it falls under ALERT_SUSPICIOUS_ACTIVITY. But how to identify this specific alert?

 

0 Replies