All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Microsoft 365 App - Security and Compliance Center: Why are usernames not logged for certain Alerts?

eliman98
New Member
‎01-18-2023 01:14 PM

Hello,

I noticed that some "Security and Compliance" alerts log usernames and others do not. For instance, the alert name "File Uploaded to Document Library For The First Time" clearly logs the user who performed the action. However, the alert, "A Potentially Malicious URL Was Clicked" does not log the user who clicked on this information. I tried to extracts new fields and again, I observed that this particular alert does not contain the username.

For obvious reasons, I would like to have that information on hand whenever an alert such as this one comes through. I looked in the MS Security Portal, and that does have the username. It just does not get to Splunk, and therefore, cannot be apart of the alert.

Is there any way to resolve this? To be clear I would like all of these alerts to have a username associated with each. Thanks.

Labels (1)
Labels
Tags (3)
0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In the last month, the Splunk Threat Research Team (STRT) has had 1 release of new security content via the ...

There's No Place Like Chrome and the Splunk Platform

Watch On DemandMalware. Risky Extensions. Data Exfiltration. End-users are increasingly reliant on browsers to ...

The Great Resilience Quest: 5th Leaderboard Update

The fifth leaderboard update for The Great Resilience Quest is out >> 🏆 Check out the ...