This report pulls Microsoft Sentinel data from the underlying Log Analytics workspace and other Sentinel REST endpoints.
Example Usage:
- Review incidents / alerts generated by Sentinel
Pages:
- CloudApps – All the data from Microsoft Defender for Cloud Apps
- Sentinel (Alerts) – Alerts from the Sentinel instance
- Security Center – Alerts from Microsoft Defender for Cloud
- Audit Log
  - List – All Azure AD activities
  - By User – All Azure AD activities by user
- Software Changes – If using Change Tracking on devices, all software changes during the monthly review period
- Vulnerabilities – If using Microsoft Defender for Endpoint, all vulnerabilities for each registered device
Screen Shots: