Auditing when an exclusion is added or removed from Azure ATP

%3CLINGO-SUB%20id%3D%22lingo-sub-2080281%22%20slang%3D%22en-US%22%3EAuditing%20when%20an%20exclusion%20is%20added%20or%20removed%20from%20Azure%20ATP%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2080281%22%20slang%3D%22en-US%22%3E%3CP%3ETrying%20to%20ascertain%20where%20the%20configuration%20in%20Azure%20ATP%20is%20stored%20that%20changes%20in%20exclusions%20can%20be%20logged%20for%20alerting%20and%20or%20review%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2080377%22%20slang%3D%22en-US%22%3ERe%3A%20Auditing%20when%20an%20exclusion%20is%20added%20or%20removed%20from%20Azure%20ATP%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2080377%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F398581%22%20target%3D%22_blank%22%3E%40BLK-Brogie%3C%2FA%3E%26nbsp%3B%3CBR%20%2F%3ECurrently%20it%20is%20audited%20in%20the%20backend%20and%20not%20customer%20visible%20directly.%3C%2FP%3E%0A%3CP%3EIn%20case%20of%20need%20%2C%20open%20a%20support%20case%20with%20the%20specific%20data%20you%20are%20interested%20in%20from%20the%20audit%20logs%2C%26nbsp%3B%3CBR%20%2F%3EAnd%20the%20data%20will%20be%20pulled%26nbsp%3B%20for%20you%20from%20the%20backend.%3CBR%20%2F%3E%3CBR%20%2F%3EI%20am%20aware%20that%20this%20is%20planned%20to%20be%20changed%20at%20some%20point%20and%20this%20data%20is%20planned%20to%20be%20customer%20visible%2C%20but%20can't%20tell%20you%20when%20and%20how%20exactly...%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2080861%22%20slang%3D%22en-US%22%3ERe%3A%20Auditing%20when%20an%20exclusion%20is%20added%20or%20removed%20from%20Azure%20ATP%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2080861%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F106935%22%20target%3D%22_blank%22%3E%40Eli%20Ofek%3C%2FA%3E%26nbsp%3B%20Thanks%2C%20is%20there%20a%20capability%20to%20export%20the%20config%20to%20JSON%20similar%20to%20ATA%20which%20then%20I%20could%20do%20compares%20of%20the%20configs%20at%20different%20points%20in%20time%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2082823%22%20slang%3D%22en-US%22%3ERe%3A%20Auditing%20when%20an%20exclusion%20is%20added%20or%20removed%20from%20Azure%20ATP%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2082823%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F398581%22%20target%3D%22_blank%22%3E%40BLK-Brogie%3C%2FA%3E%26nbsp%3B%20Officially%20no%2C%20But%20unofficially%20%2C%20F12%20dev%20tools%20%3CSTRONG%3Emight%3C%2FSTRONG%3E%20work%20for%20what%20you%20want%2C%20although%20far%20from%20optimal.%3C%2FP%3E%3C%2FLINGO-BODY%3E
New Contributor

Trying to ascertain where the configuration in Azure ATP is stored that changes in exclusions can be logged for alerting and or review?

3 Replies

@BLK-Brogie 
Currently it is audited in the backend and not customer visible directly.

In case of need , open a support case with the specific data you are interested in from the audit logs, 
And the data will be pulled  for you from the backend.

I am aware that this is planned to be changed at some point and this data is planned to be customer visible, but can't tell you when and how exactly...

@Eli Ofek  Thanks, is there a capability to export the config to JSON similar to ATA which then I could do compares of the configs at different points in time?

@BLK-Brogie  Officially no, But unofficially , F12 dev tools might work for what you want, although far from optimal.