Forum Discussion
Solved
List of events
Hi all
is somewhere list of event we need to audit on DC, for 100% ATA functionality ?
Like Audit user logon logoff etc....
- This is the link for ATA: https://docs.microsoft.com/en-us/advanced-threat-analytics/configure-event-collection
This is the link to MDI: https://docs.microsoft.com/en-us/advanced-threat-analytics/configure-event-collection
5 Replies
- This is the link for ATA: https://docs.microsoft.com/en-us/advanced-threat-analytics/configure-event-collection
This is the link to MDI: https://docs.microsoft.com/en-us/advanced-threat-analytics/configure-event-collectionOr Tsemah the MDI installation says;
- Under Permissions, select Full Control. All the permissions will be selected, and when triggered, appear as 4662 events. You can then uncheck List and Read permissions, since Defender for Identity only detects changes to directory services.
Do you need to uncheck ALL the Read and List permissions? it's a lot:)
- Yes, as the image suggests
- Under Permissions, select Full Control. All the permissions will be selected, and when triggered, appear as 4662 events. You can then uncheck List and Read permissions, since Defender for Identity only detects changes to directory services.
