Detections
- Home
- - Detections
- -DT094
- ID: DT094
- Created: 29th July 2024
- Updated: 29th July 2024
- Contributor: The ITM Team
Microsoft Purview Audit Search
Microsoft's Purview portal has a feature named Audit that permits access to critical audit log event data to gain insight and further investigate user activities. This can be used to investigate activity from a range of Microsoft services, such as SharePoint, OneDrive, and Outlook. Searches can be scoped to a specific timeframe, user account, and platform using the extensive filters available.
Sections
ID | Name | Description |
---|---|---|
IF011.003 | Providing Unauthorized Access to a Collaboration Platform | The subject provides unauthorized party access to a collaboration platform, such as Slack, Teams, or Confluence that exposes them to information they are not permitted to access. This can be achieved by adding an existing organizational account, or a guest account. |
PR004.002 | Collaboration Platform Exploration | A subject may search for or otherwise explore files on a Collaboration Platform (such as SharePoint, OneDrive, Confluence, etc) to identify sensitive or valuable information. |