cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Audit Trail for Sentinel Incident Management

S7RAY
Copper Contributor

‎May 27 2020 03:19 AM

‎May 27 2020 03:19 AM

Audit Trail for Sentinel Incident Management

Is there an audit trail for us to track incident management, creation/editing/deletion of rules and such on Azure Sentinel?

 

 

 

994 Views
0 Likes
1 Reply
Reply
1 Reply
Rod_Trent

‎May 27 2020 03:46 AM

‎May 27 2020 03:46 AM

Re: Audit Trail for Sentinel Incident Management

@S7RAY This capability exists somewhat in the AzureActivity data. Here's an example for an alert being deleted:

 

AzureActivity
| where OperationName == "Delete Alert Rules" and ActivityStatusValue == "Succeeded"
| project Caller , EventSubmissionTimestamp

 

This will be better exposed in the near future.

0 Likes
Reply