Not a user yet?
Log in Register for free Suggest a product
Update

New data in advanced hunting CloudAppEvents table

Defender for Cloud AppsDefender for Cloud Apps
Microsoft
Update from patrick-devicebaseUpdate from:
patrick-devicebase (expert)

October 2024 Update

New anomaly data in advanced hunting CloudAppEvents table
Defender for Cloud Apps users who use advanced hunting in the Microsoft Defender portal, can now utilize the new LastSeenForUser and UncommonForUser columns for queries and detections rules.
The new columns are designed to assist you to better identify uncommon activities that may appear suspicious, and allow you to create more accurate custom detections, as well as investigate any suspicious activities that arise.

New Conditional Access app control / inline data in advanced hunting CloudAppEvents table
Defender for Cloud Apps users who use advanced hunting in the Microsoft Defender portal can now use the new AuditSource and SessionData columns for queries and detection rules.
Using this data allows for queries that consider specific audit sources, including access and session control, and queries by specific inline sessions.

New data in advanced hunting CloudAppEvents table - OAuthAppId
Defender for Cloud Apps users who use advanced hunting in the Microsoft Defender portal can now use the new OAuthAppId column for queries and detection rules.
Using OAuthAppId allows the queries that consider specific OAuth applications, making queries and detection rules more accurate.

Version: October 2024 Update Link
More updatesTo the product
Receive Important Update Messages Stay tuned for upcoming Microsoft Defender for Cloud Apps updates

Was the content helpful to you?

Advertisement Advertise here?
Udemy IT certification ad