All Apps and Add-ons

Microsoft 365 App - Security and Compliance Center: Why are usernames not logged for certain Alerts?

New Member


I noticed that some "Security and Compliance" alerts log usernames and others do not. For instance, the alert name "File Uploaded to Document Library For The First Time" clearly logs the user who performed the action. However, the alert, "A Potentially Malicious URL Was Clicked" does not log the user who clicked on this information. I tried to extracts new fields and again, I observed that this particular alert does not contain the username.

For obvious reasons, I would like to have that information on hand whenever an alert such as this one comes through. I looked in the MS Security Portal, and that does have the username. It just does not get to Splunk, and therefore, cannot be apart of the alert.

Is there any way to resolve this? To be clear I would like all of these alerts to have a username associated with each. Thanks.

Labels (1)
Tags (3)
0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In the last month, the Splunk Threat Research Team (STRT) has had 1 release of new security content via the ...

There's No Place Like Chrome and the Splunk Platform

Watch On DemandMalware. Risky Extensions. Data Exfiltration. End-users are increasingly reliant on browsers to ...

The Great Resilience Quest: 5th Leaderboard Update

The fifth leaderboard update for The Great Resilience Quest is out >> 🏆 Check out the ...