cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

calling AD group in analytical rule in place of watchlist

akshay250692
Brass Contributor

‎Mar 02 2023 11:17 AM - edited ‎Mar 02 2023 11:19 AM

‎Mar 02 2023 11:17 AM - edited ‎Mar 02 2023 11:19 AM

calling AD group in analytical rule in place of watchlist

Hi Team,

 

can it be possible to use AD group in analytical rule in place of watchlist?

 

if possible then how it can be done ?

Labels:
587 Views
0 Likes
2 Replies
Reply
2 Replies
Clive_Watson

‎Mar 06 2023 08:46 AM

‎Mar 06 2023 08:46 AM

Re: calling AD group in analytical rule in place of watchlist

AD or AAD?

UEBA helps here...the "IdentityInfo" table, holds the GroupMemberShip:

https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/what-s-new-identityinfo-table-is-now-...
0 Likes
Reply
abdul1998

‎Mar 06 2023 10:29 PM

‎Mar 06 2023 10:29 PM

Re: calling AD group in analytical rule in place of watchlist

IdentityInfo
| where GroupMembership in ""
| distinct AccountName, GroupMembership


please check this
0 Likes
Reply