Detect threats using GraphAPIAuditEvents - Part 3
Cloudbrothers
2025-08-15 04:32:57
For a long time now, defenders have been able to monitor the behavior of human and workload identities in Entra tenants not only through AuditLogs but, with a high level of insight, through the MicrosoftGraphActivityLogs. The last two articles of this series gave you detection ideas and hunting queries for this log source and were meant as a kick-starter for detection engineers. But in the end, the high cost of this log prevented many companies from putting it into operation.