Jul 26 2021
12:06 AM
- last edited on
Jan 14 2022
04:01 PM
by
TechCommunityAP
Jul 26 2021
12:06 AM
- last edited on
Jan 14 2022
04:01 PM
by
TechCommunityAP
Hi,
I have an on-prem AD which is streaming the logs into Azure Sentinel. I need to monitor couple of groups in the on-Prem AD , for activities like User Added or deleted. For this I am checking AuditLogs table in Sentinel. But I could not find these details in the table.
I am trying to find these details with the below parameters without any success.
OperationName = "Import"
TargetResources contains<DirectoryName>(As I have added a new user to the Directory , I am checking with the directory first, before I dig deep)
Could you please advise if this is not the correct approach
Thanks
Oct 07 2021 06:15 AM
SolutionOct 07 2021 06:15 AM
Solution