How to find the details of transactions (URLs visited) logged in Cloud Discovery


How do I get to the low level of detail behind the Transactions logged in Cloud Discovery? For example, 206 transactions have been recorded to Azure CDN Edge nodes, but I want to find the actual URLs that web browsers accessed.

 

Happy to use KQL but I cannot figure out from the documentation where/if this level of detail is logged. :(

 


Second question: my organization's cyber analysts want to stream this transactional-level data from endpoint browsers into a SIEM for long-term (3 year+) retention. Again, how can I obtain this info and possibly buffer it into a Log Analytics Workspace?

 

0 Replies