on perm fileserver delete logs to cloud app security

%3CLINGO-SUB%20id%3D%22lingo-sub-1309455%22%20slang%3D%22en-US%22%3Eon%20perm%20fileserver%20delete%20logs%20to%20cloud%20app%20security%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1309455%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20all%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIs%20there%20any%20way%20to%20send%20the%20delete%20file%20logs%20from%20on%20perm%20fileserver%20to%20CAS%20%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks.%3C%2FP%3E%3CP%3E%3CBR%20%2F%3EGabor%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1378976%22%20slang%3D%22en-US%22%3ERe%3A%20on%20perm%20fileserver%20delete%20logs%20to%20cloud%20app%20security%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1378976%22%20slang%3D%22en-US%22%3EI%20think%20what%20you%20are%20asking%20is%20if%20it%20is%20possible%20to%20monitor%20and%20alert%20when%20someone%20clears%20the%20security%20event%20log%20(Event%20ID%20517%20and%201102).%3CBR%20%2F%3ECloud%20App%20Security%20won't%20do%20that%20for%20you%2C%20but%20Azure%20Sentinel%20or%20Azure%20Log%20Analytics%20will%3A%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fsentinel%2Fconnect-windows-security-events%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fsentinel%2Fconnect-windows-security-events%3C%2FA%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1378985%22%20slang%3D%22en-US%22%3ERe%3A%20on%20perm%20fileserver%20delete%20logs%20to%20cloud%20app%20security%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1378985%22%20slang%3D%22en-US%22%3E%3CP%3EThanks%2C%20I%20did%20this%20in%20the%20meantime%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F5941%22%20target%3D%22_blank%22%3E%40Joe%20Stocker%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Contributor

Hi all,

 

Is there any way to send the delete file logs from on perm fileserver to CAS ?

 

Thanks.


Gabor

2 Replies
I think what you are asking is if it is possible to monitor and alert when someone clears the security event log (Event ID 517 and 1102).
Cloud App Security won't do that for you, but Azure Sentinel or Azure Log Analytics will:
https://docs.microsoft.com/en-us/azure/sentinel/connect-windows-security-events

Thanks, I did this in the meantime @Joe Stocker