Microsoft 365 扩充日志中的事件扩充
事件扩充使用 Microsoft 365 扩充日志来更清晰地关注不同工作负荷中的事件。 结果就是获得细致入微的见解,这些见解对于提高安全性和效率至关重要。 事件是经过精心挑选的,根据多种因素进行选择。 这些因素包括优先级排名、与安全环境的相关性以及这些事件对 Sentinel 或 Defender 的有用程度。
未来,我们对事件的介绍范围会扩大,扩大安全叙述的范围。
SharePoint Online(预览版)
| # | 工作负载 | 操作 |
|---|---|---|
| 1 | OneDrive | FileDeleted |
| 2 | SharePoint | FileDeleted |
| 3 | SharePoint | FileDeletedFirstStageRecycleBin |
| 4 | OneDrive | FileDeletedFirstStageRecycleBin |
| 5 | OneDrive | FileDownloaded |
| 6 | SharePoint | FileDownloaded |
| 7 | SharePoint | FileRecycled |
| 8 | OneDrive | FileRecycled |
| 9 | OneDrive | FileUploaded |
| 10 | SharePoint | FileUploaded |
| 11 | OneDrive | ListItemDeleted |
| 12 | SharePoint | ListItemRecycled |
Teams(受限预览版)
| # | 工作负载 | 操作 |
|---|---|---|
| 1 | 团队 | AppInstalled |
| 2 | Teams | BotAddedToTeam |
| 3 | 团队 | MemberAdded |
| 4 | Teams | MemberRemoved |
| 5 | 团队 | MemberRoleChanged |
| 6 | Teams | TeamDeleted |
| 7 | Teams | TeamsAdminAction |
Exchange(受限预览版)
| # | 工作负载 | 操作 |
|---|---|---|
| 1 | Exchange | New-InboxRule |
| 2 | Exchange | New-ManagementRoleAssignment |
| 3 | Exchange | New-TransportRule |
| 4 | Exchange | Set-AdminAuditLogConfig |
| 5 | Exchange | Set-AtpPolicyForO365 |
| 6 | Exchange | Set-CrossTenantAccessPolicy |
| 7 | Exchange | Set-OrganizationConfig |
| 8 | Exchange | Set-SharingPolicy |
| 9 | Exchange | Set-TransportRule |
注意
此预览版展示了许多对于改善安全态势和运营能力至关重要的事件。 虽然本文介绍的内容是初步的,但随着我们不断完善和扩展 Microsoft 365 扩充日志的事件扩充库,其内容可能会发生更改,恕不另行通知。