This alert is triggered when a Microsoft Purview Insider Risk Management alert is received in Microsoft Sentinel via the Microsoft Purview Insider Risk Management Connector. The alert extracts usernames from security alerts to provide UserPrincipalName, Alert Name, Reporting Product Name, Status, Alert Link, Previous Alerts Links, Time Generated. There is an option for configuration of correlations against Microsoft Sentinel watchlists. For more information, see [Learn about insider risk manage
| Attribute | Value |
|---|---|
| Type | Analytic Rule |
| Solution | MicrosoftPurviewInsiderRiskManagement |
| ID | 69660e65-0e5c-4700-8b99-5caf59786606 |
| Severity | High |
| Kind | Scheduled |
| Tactics | Execution |
| Techniques | T1204 |
| Required Connectors | OfficeATP |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Selection Criteria | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|---|
| SecurityAlert | ProductName == "Microsoft 365 Insider Risk Management" | ✓ | ✗ | ✓ |