PIM Builtin Alerts in Audit Log

%3CLINGO-SUB%20id%3D%22lingo-sub-1926203%22%20slang%3D%22en-US%22%3EPIM%20Builtin%20Alerts%20in%20Audit%20Log%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1926203%22%20slang%3D%22en-US%22%3E%3CP%3EHello%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20would%20like%20create%20an%20Sentinel%20alert%20rule%20for%20the%20builtin%20alert%20in%20PIM%3A%20%22Roles%20are%20being%20assigned%20outside%20of%20Privileged%20Identity%20Management%22%20Are%20these%20builtin%20alerts%20traceble%20in%20the%20AD%20Audit%20Logs%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ERegards%2C%20Erik%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1987189%22%20slang%3D%22en-US%22%3ERe%3A%20PIM%20Builtin%20Alerts%20in%20Audit%20Log%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1987189%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F688819%22%20target%3D%22_blank%22%3E%40Erik_Snijder%3C%2FA%3E%26nbsp%3BI%20think%20you%20just%20might%20need%20to%20use%20the%20MCAS%20Alerts%20for%20this%2C%20and%20integrate%20MCAS%20to%20Sentinel%3CBR%20%2F%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E
New Contributor

Hello,

 

We would like create an Sentinel alert rule for the builtin alert in PIM: "Roles are being assigned outside of Privileged Identity Management" Are these builtin alerts traceble in the AD Audit Logs?

 

Regards, Erik

1 Reply

@Erik_Snijder I think you just might need to use the MCAS Alerts for this, and integrate MCAS to Sentinel