![]() ![]() Once the page loads, select the Run query button to run the KQL query and view the results.Īfter the query runs, the query results display in tabular form.A new tab is opened, redirecting you to the Advanced hunting page with a prepopulated KQL query. Select the go-hunt icon next to each resource to view details of the resources accessed by the app in the last 30 days.Once you have a high-level overview of the data used by the app across services and resources, you may want to know the details of the app activities and the resources it accessed while performing these activities. Step 3: Hunt for related activities and resources accessed. Select the Data usage tab on the app details pane to view information on the size and count of resources accessed by the app in the last 30 days.Īpp governance provides data usage-based insights for resources such as emails, files, and chat and channel messages across Exchange Online, OneDrive, SharePoint and Teams.Once you’ve identified an app, select the app to open the app details pane.Alternatively, use the Data usage or Services accessed filters to view apps that have accessed data on one or more of the supported Microsoft 365 services. ![]() If you're looking to get more details on the data accessed by a specific app, search for that app on the app list in app governance. The Defender for Cloud Apps App governance page lists all Azure AD OAuth apps. This article describes how to you can simplify app-based threat hunting using app governance in Microsoft Defender for Cloud Apps. Using app governance and advanced hunting capabilities, you can get complete visibility into activities done by the apps and the resources it has accessed. While investigating an app governance alert or reviewing the app behavior in the environment, it becomes important to quickly get visibility into details of activities done by such suspicious apps and take remediation actions to protect assets in your organization. Apps can be a valuable entry point for attackers, so we recommend monitoring anomalies and suspicious behaviors that use apps.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |