Audit Logging
Advisory Mink
Looking to be able to have access to activities actioned by a user in the event an incident happens, to know which user performed what change. Ideally be able to output to a report or SIEM solution.
Chris Brisson
Thank you for posting, Advisory Mink! I have a few more questions for you:
- What specific user activities or actions would you like to be included in the audit logs?
- How frequently do you anticipate needing to generate reports from the audit logs?
- Do you have any specific SIEM solutions in mind that you would like the audit logs to integrate with?
Advisory Mink
Chris Brisson
Looking for login events from browsers and extensions, location (IP, geolocation, devices/browser), actions (calls, sent messages (dates and times), settings changes (password resets, MFA changes)), possibly based on specific roles (especially admins).
I would like to start with the last 30 days of logs, being able to export it to CSV or some other format.
SIEM solutions for my personal request would be Microsoft Sentinel.