Jun 07 2019 01:59 PM
Just wondering if there is a way to pull activities from Azure ATP? I would like to export of all activities of a certain type (for example user account changes) on a daily basis.
There doesn't seem to be any way to access the data that AATP collects to use for other purposes.
Jun 08 2019 06:26 AM
@Robert Young , You can go to the profile page of the entity and press "download activities".
There is not scheduling option for this though...
Jun 11 2019 07:33 AM
Solution
If you want to see all activities for a specific user, as Eli mentioned you can do this from the entity profile page. https://docs.microsoft.com/en-us/azure-advanced-threat-protection/atp-activities-search
If you want to search for activities across entities, this is something that you will need to wait for the Unified Secops Portal which was announced at RSA.
Unified SecOps: https://aka.ms/unifiedportal
The Unified Secops portal is currently in Limited Public Preview.
Best,
Gershon
Jun 11 2019 02:15 PM
Jun 11 2019 07:33 AM
Solution
If you want to see all activities for a specific user, as Eli mentioned you can do this from the entity profile page. https://docs.microsoft.com/en-us/azure-advanced-threat-protection/atp-activities-search
If you want to search for activities across entities, this is something that you will need to wait for the Unified Secops Portal which was announced at RSA.
Unified SecOps: https://aka.ms/unifiedportal
The Unified Secops portal is currently in Limited Public Preview.
Best,
Gershon