Managed Sentinel – Alert 004

Alert ID: MS-A004
Alert Name: Monitor and alert on activity for specific SharePoint file or folder
Description: This alert triggers when unusual activity is seen on a specific SharePoint folder specified by the customer.
Severity Level: Informational
Threat Indicator: Unauthorized Access
MITRE ATT&CK Tactics: Exfiltration
Log sources: OfficeActivity
Recommendations:
1. In Sentinel, investigate the user ID and the type of operations performed on this folder/file. Identify whether any unauthorized changes were made.
2. Use the investigation tool in Sentinel to check for any lateral movement by the same user ID into your network environment.
3. Disable the account if it is identified as malicious.
4. Gather logs and evidence for future investigations.