cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

UnifiedAuditLogs in sentinel

Qusai_Ismail
Brass Contributor

‎Aug 29 2022 11:17 PM

‎Aug 29 2022 11:17 PM

UnifiedAuditLogs in sentinel

Hello,

 

Where to find the unifiedauditlog in sentinel ?

Which connector is required for that logs?

 

 

BR,

Labels:
4,241 Views
0 Likes
4 Replies
Reply
4 Replies
best response confirmed by Rod_Trent (Microsoft)
Clive_Watson

‎Aug 29 2022 11:45 PM

‎Aug 29 2022 11:45 PM

Solution

Re: UnifiedAuditLogs in sentinel

@Qusai_Ismail 

Do you mean the Unified Log mentioned mentioned in regards to Azure Purview?
https://docs.microsoft.com/en-us/microsoft-365/compliance/search-the-audit-log-in-security-and-compl...

The link above lists the Services (but there isn't a doc that maps them back to Sentinel Tables). I've not used it but the Insider Risk solution might be a good point to start

Clive_Watson_0-1661841920816.png

Azure-Sentinel/Solutions/Azure Purview at master · Azure/Azure-Sentinel (github.com)

1 Like
Reply
Qusai_Ismail

‎Aug 30 2022 01:31 AM

‎Aug 30 2022 01:31 AM

Re: UnifiedAuditLogs in sentinel

Thank you, that mean there are not tables related to that audits in Microsoft sentinel ?
0 Likes
Reply
Clive_Watson

‎Aug 30 2022 02:37 AM

‎Aug 30 2022 02:37 AM

Re: UnifiedAuditLogs in sentinel

Correct, as far as I know there isn't a 1:1 mapping, there are multiple tables and connectors needed.
But I haven't looked at the table created by the Insider Risk solution.
0 Likes
Reply
Qusai_Ismail

‎Aug 30 2022 04:19 AM

‎Aug 30 2022 04:19 AM

Re: UnifiedAuditLogs in sentinel

Ah thanks.

My case: there is an incident called "eDiscovery search started or exported" come from vendor "Microsoft Defender for Office 365", and the incident is not have the efficient data, so we are trying to find the related data logs without access the "unified audit logs" in Compliance Security
0 Likes
Reply
1 best response

Accepted Solutions
best response confirmed by Rod_Trent (Microsoft)
Clive_Watson

‎Aug 29 2022 11:45 PM

‎Aug 29 2022 11:45 PM

Solution

Re: UnifiedAuditLogs in sentinel

@Qusai_Ismail 

Do you mean the Unified Log mentioned mentioned in regards to Azure Purview?
https://docs.microsoft.com/en-us/microsoft-365/compliance/search-the-audit-log-in-security-and-compl...

The link above lists the Services (but there isn't a doc that maps them back to Sentinel Tables). I've not used it but the Insider Risk solution might be a good point to start

Clive_Watson_0-1661841920816.png

Azure-Sentinel/Solutions/Azure Purview at master · Azure/Azure-Sentinel (github.com)

View solution in original post

1 Like
Reply