microsoft sentinel
4 Topics

Unable to View Audit Logs
Hi all! I am once again coming to you, asking for assistance. We had a security alert in Azure and I was able to go all the way through to see what the issue was, BUT when I try to go into the "View Suspicious Activity" page I get the below. Now multiple users in my team get the same as me, but one user can see everything in here. He's not even in the resource with any permissions, yet he can see these logs. Am I missing something really obvious? Or is this another fun little bug? Thanks in advance.

New Blog | Incident Triage: Microsoft Defender for Cloud Attack Path Analysis and Microsoft Sentinel
Introduction: If you are actively involved in the process of responding to cybersecurity incidents or work in a capacity that deals with incident response, you understand the criticality of promptly identifying and mitigating security breaches in cloud environments. Timely and accurate incident triaging is crucial to minimize the impact of potential breaches and ensure a proactive security posture. However, in many cases, security analysts are overwhelmed by the sheer volume of incidents and the manual effort required to investigate and prioritize them. To address this challenge, we have developed a solution leveraging Microsoft Defender for Cloud Attack Path Analysis into Microsoft Sentinel to streamline computer's cyber security incident triaging and improve response times. Read the blog: Incident Triage: Microsoft Defender for Cloud Attack Path Analysis and Microsoft Sentinel - Microsoft Community Hub

ASC auto provisioning
Hi Team, Suppose we have one centralized management subscription. In that centralized subscription we have created Log Analytics workspaces in different regions. These Log Analytics workspaces are enabled with Sentinel. Due to compliance reasons, we would like to keep the log data within the region. How can we automate the auto provisioning in a way that each VM's syslog or event logs are forwarded into the correct Log Analytics workspace in the centralized subscription?

References:
Support Regions: https://docs.microsoft.com/en-us/azure/security-center/faq-data-collection-agents
Enable AutoProvision: Install the Log Analytics agent for Linux

WEF forwarding to Azure Security Centre / Log Analytics
Hello - I am hoping this is possible and a viable option. I currently use Windows Event Forwarding (WEF) with Winlogbeat sending events off to Elasticsearch. Epic, this works great, so why would I change this, right? Well, I want to use Azure Log Analytics for my search platform, because I enjoy KustoQL, and I want to use the Azure Security Centre and Sentinel. I already have Office365 Sign-in, Audit and Mailbox logs in Azure Log Analytics. Is it possible to simply stick the OMS agent on my WEC/WEF server and send events into my Log Analytics workspace? If not, what is the best practice (and MS solution) for Windows Event Management and Analysis?