Dec 20 2018 02:25 PM - edited Dec 20 2018 02:25 PM
Hello Everyone,
Activity logs contain a button called 'Raw Data'. I was wondering if I can apply filters and search for specific values in the fields included in the JSON raw data? Or is it possible to do it in any way, such as the PowerShell module or by sending the alert to the SIEM?
I look forward to hearing from you.
Thank you.
Maria Y.
Dec 21 2018 12:23 PM
@Danny Kadyshevitch or @Dima Donhin: Do you have any insight on this?
Dec 23 2018 07:01 AM
Hi,
Raw data is not searchable in MCAS.
You can search on any of the formatted attributes, as well as the info located in Activity Objects.
If you have specific data that interests you in the raw data, you can send activity feedback and we'll look into adding it as an activity object.
Regards,
Dima