SOLVED

Pulling activities from Azure ATP


Just wondering if there is a way to pull activities from Azure ATP? I would like to export all activities of a certain type (for example, user account changes) on a daily basis.

 

There doesn't seem to be any way to access the data that AATP collects to use for other purposes.

 

3 Replies

@Robert Young, you can go to the profile page of the entity and press "download activities".

There is no scheduling option for this, though...

 

best response confirmed by Robert Young (Brass Contributor)
Solution

@Robert Young 

 

If you want to see all activities for a specific user, as Eli mentioned, you can do this from the entity profile page. https://docs.microsoft.com/en-us/azure-advanced-threat-protection/atp-activities-search

 

If you want to search for activities across entities, this is something that you will need to wait for the Unified Secops Portal which was announced at RSA. 

Unified SecOps: https://aka.ms/unifiedportal

The Unified Secops portal is currently in Limited Public Preview. 

Best,

Gershon

Thanks, I was looking to pull from all entities...will check out the Pub review.