How to know who changed the status in Defender for cloud Security alert

Question

How to know who changed the status in Defender for cloud Security alert

Rakesh Kumar 15

My team members are changing the status of security alerts in Defender for cloud. How can i check who worked on which alert ?

Anonymous

2024-09-10T23:08:36.2366667+00:00

Hi @Rakesh Kumar , did you need any more help with this question? If not could you please mark "Accept Answer" on the appropriate answer so other users can reference it?

Thank you,

James
Anonymous

2024-10-31T02:46:52.1133333+00:00

Hi @Rakesh Kumar , did you need any more help with this question? If not could you please mark "Accept Answer" on the appropriate answer so other users can reference it?

Thank you,

James

1 answer

Your answer

Anonymous

2024-09-10T23:08:36.2366667+00:00

Hi @Rakesh Kumar , did you need any more help with this question? If not could you please mark "Accept Answer" on the appropriate answer so other users can reference it?

Thank you,

James
Anonymous

2024-10-31T02:46:52.1133333+00:00

Hi @Rakesh Kumar , did you need any more help with this question? If not could you please mark "Accept Answer" on the appropriate answer so other users can reference it?

Thank you,

James

Answer 1

Hi @Rakesh Kumar , you should be able to use Azure Activity Log. You can filter the Activity Log to find entries related to security alerts and see who made the changes.

If you have connected Microsoft Defender for Cloud to a Log Analytics workspace, you can query the SecurityAlert table to find details about the alerts and the actions taken. You can use the following query to get information about the alerts:

   SecurityAlert
| where ProductName == "Azure Security Center"
| project TimeGenerated, AlertName, AlertSeverity, Status, ChangedBy

Share via

How to know who changed the status in Defender for cloud Security alert

1 answer

Your answer