View Query Audit Logs in Microsoft Sentinel

preview_player
Показать описание
#loganalytics #kql #sentinel #microsoftsentinel #microsoftsecurity #microsoft

📌 View Query Audit Logs in Microsoft Sentinel

At times, we need to know
production environment either
➡️ Who has performed what query.
➡️ Was there a query performed by same user regularly.
➡️ Queries performed in last 1 day, 7days or 14 days etc.

To know all there we can enable audit with diagnostics settings in Log Analytics.

To extend further we can leverage Log Analytics Query Analysis workbook which is equipped with come of the prebuilt queries.

💡 This same query can be leveraged as Hunting query or Detection Rule when you need it.

Leverage this feature and share your thoughts. 🤔
  1. Samik Roy
  2. kql
  3. sentinel
  4. microsoftsentinel
  5. microsoftsecurity
  6. microsoft
Рекомендации по теме
View Query Audit 0:05:50

View Query Audit Logs in Microsoft Sentinel

Audit Logs: Querying 0:04:57

Audit Logs: Querying Logs, Pricing and Retention

How To Configure 0:11:20

How To Configure SQL Server Audit Events To The Security Log

Azure Audit Logs 0:07:01

Azure Audit Logs

Configuring Audit logs 0:07:53

Configuring Audit logs

MYSQL general query 0:05:34

MYSQL general query log file

GCP Logging 0:18:49

GCP Logging

Audit table changes 0:06:45

Audit table changes in sql server

Viewing Audit Logs 0:01:00

Viewing Audit Logs

How to Use 0:04:51

How to Use Query the Audit Log -General Query

Percona Audit Log 0:48:26

Percona Audit Log Plugin Configurations & Operations | MySQL Monitoring | MySQL Security | Audit

Audit logs for 0:00:49

Audit logs for Realtime Database #Shorts

Configuring and Viewing 0:38:22

Configuring and Viewing Cloud Audit Logs

SQL Server Audit 0:07:27

SQL Server Audit on table update

Configuring SQL Server 0:07:12

Configuring SQL Server auditing

How to View 0:05:36

How to View Audit Logs on Windows

Log Analytics | 0:32:22

Log Analytics | KQL Queries | Intune Audit Operational Logs

How to track 0:05:22

How to track past activity on SQL server Instance || SQL Server Audit || SQL server Database Audit

How To Audit 0:05:29

How To Audit DDL Changes in MS SQL Server

How to monitor 0:02:52

How to monitor Azure Audit logs || Who can access audit logs || Azure Active Directory

Hibernate Envers: How 0:08:07

Hibernate Envers: How To Query Data From Your Audit Log

How to View 0:04:03

How to View Logs in Azure Portal | How to use Azure Activity Log

How To Configure 0:09:32

How To Configure Auditing on Azure SQL Database with Selected Events

Configuring and Viewing 0:27:46

Configuring and Viewing Cloud Audit Logs

Комментарии
Автор

Hi bro, can you help me with a KQL query to know who has done a " role assignment" for a given user

sarathkumaras