I want to supply a quick walkthrough of a new auditing capability we have rolled out in Security Copilot.
To enable it - in Security Copilot - open the Owner's Settings in the hamburger menu, and then locate the Logging audit data in Microsoft Purview option at the bottom and toggle the switch.
It takes 24-48 hours for data to start to flow, but once it does, you can access the Audit search in Microsoft Purview to create a custom search just for Security Copilot actions.
Docs: Manage logging audit data in Microsoft Purview
[Want to discuss this further? Hit me up on Twitter or LinkedIn]
[Subscribe to the RSS feed for this blog]
[ Subscribe to the Bi-weekly Copilot for Security Newsletter]
[Subscribe to the Weekly SIEM and XDR Newsletter]
[Learn KQL with the Must Learn KQL series and book]
[Learn AI Security with the Must Learn AI Security series and book]
** Need a Tech break?? Sure, we all do! Check out my fiction novels: https://RodsFictionBooks.com
Share this post