I don't understand the ability to connect UEBA to multiple data sources.

Hello,

I have connected UEBA in my environment, but I don't understand what it offers to connect the log sources of Audit Logs, Azure Activity, Security Events and Login Logs.

According to UEBA, it collects alert information from other connectors such as Microsoft Defender for Endpoint, bookmarks or activities to generate these user behaviour profiles, so I don't understand why I should connect the aforementioned data sources?

Where can you see that added value?

Regards.

1 Reply

@Chris_321 

Sign-in logs give you all events.

Audit Logs give you ApplicationManagement, DirectoryManagement, GroupManagement, Device, RoleManagement, and UserManagement categories.

Azure Activity Logs give you Authorization, AzureActiveDirectory, Billing, Compute, Consumption, KeyVault, Devices, Network, Resources, Intune, Logic, Sql, Storage.

Security Events give you the following (Windows Security events): 4624: An account was successfully logged on, 4625: An account failed to log on, 4648: A logon was attempted using explicit credentials, 4672: Special privileges assigned to new logon, 4688: A new process has been created.

Here is the value for you.

Sign-in logs will give you insight (user sign-ins to various services and applications) to detect unusual login times, multiple failed login attempts, or potentially malicious login behavior.

Audit Logs will provide data (user actions, system changes, and administrative operations) that illuminates user interactions, system modifications, and administrative activities. This is key to understanding what is normal and then finding deviations from that.

Activity Logs will monitor changes to Azure resources (resource creation, updates, and deletions). Malicious behavior patterns with Azure resources can be found here.

Security Events provide context (login attempts, access control changes, and other stuff). Patterns of compromise are found in accounts that are compromised, insider threats, or other malicious behavior.

The other connectors like MDE give important data; you get the ability to correlate events, detect blind spots, create a behavioral profile of an entity, and get the context in which to evaluate suspicious actions.

Microsoft Sentinel UEBA reference | Microsoft Learn

So, in a nutshell, it's just a good idea to connect them to UEBA.

Hope this helps.

G.
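As an added illustration (not from the post above, and not Sentinel's own UEBA logic), the kind of deviation the reply describes can be shown on a handful of the Windows Security events it lists: a run of 4625 failures followed by a 4624 success, with a 4672 right after and an off-hours timestamp as extra context. The sample records and the 07:00-19:00 "business hours" baseline are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records in the shape of the Windows Security events the
# reply lists (4624 success, 4625 failure, 4672 special privileges). Not real telemetry.
SAMPLE_EVENTS = [
    {"time": "2024-03-01T02:10:00", "id": 4625, "account": "alice", "host": "WS01"},
    {"time": "2024-03-01T02:10:20", "id": 4625, "account": "alice", "host": "WS01"},
    {"time": "2024-03-01T02:10:40", "id": 4625, "account": "alice", "host": "WS01"},
    {"time": "2024-03-01T02:11:05", "id": 4624, "account": "alice", "host": "WS01"},
    {"time": "2024-03-01T02:11:06", "id": 4672, "account": "alice", "host": "WS01"},
    {"time": "2024-03-01T09:00:00", "id": 4625, "account": "bob", "host": "WS02"},
    {"time": "2024-03-01T09:05:00", "id": 4624, "account": "bob", "host": "WS02"},
]

BUSINESS_HOURS = range(7, 19)  # assumed baseline of "normal" sign-in hours


def parse_time(stamp):
    return datetime.fromisoformat(stamp)


def failed_then_success(events, min_failures=3, window=timedelta(minutes=5)):
    """Flag accounts with >= min_failures 4625 events inside `window` that are
    followed by a 4624 success. A 4672 within a minute of that success is
    recorded as 'privileged', and a success outside BUSINESS_HOURS as 'off_hours'."""
    by_account = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["time"]):
        by_account[ev["account"]].append(ev)
    findings = []
    for account, evs in by_account.items():
        recent_failures = []
        for i, ev in enumerate(evs):
            now = parse_time(ev["time"])
            if ev["id"] == 4625:
                recent_failures.append(now)
                # keep only failures that still fall inside the sliding window
                recent_failures = [t for t in recent_failures if now - t <= window]
            elif ev["id"] == 4624:
                if len(recent_failures) >= min_failures:
                    privileged = any(
                        later["id"] == 4672 and parse_time(later["time"]) - now <= timedelta(minutes=1)
                        for later in evs[i + 1:]
                    )
                    findings.append({
                        "account": account, "host": ev["host"], "failures": len(recent_failures),
                        "success_at": ev["time"], "privileged": privileged,
                        "off_hours": now.hour not in BUSINESS_HOURS,
                    })
                recent_failures = []  # a success resets the streak
    return findings
```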