Jul 26 2021 - last edited on Jan 14 2022
I have an on-prem AD which is streaming its logs into Azure Sentinel. I need to monitor a couple of groups in the on-prem AD for activities like a user being added or deleted. For this I am checking the AuditLogs table in Sentinel, but I could not find these details in the table.
I am trying to find these details with the below parameters without any success.
OperationName = "Import"
TargetResources contains <DirectoryName> (as I have added a new user to the directory, I am checking with the directory first, before I dig deep)
Could you please advise if this is not the correct approach?
Oct 07 2021 06:15 AM Solution