Monitor and alert on activity for specific SharePoint file or folder
This alert triggers when unusual activity is seen on a specific SharePoint folder specified by the customer.
MITRE ATT&CK Tactics
1. In Sentinel, investigate the user ID and the type of operations performed on this folder/file. Identify whether any unauthorized changes were made.
2. Use the investigation tool in Sentinel to see whether any lateral movement from the same user ID has occurred in your network environment.
3. Disable the account if it is identified as malicious.
4. Gather logs and evidence for future investigations.
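A starting query for step 1, added here as an example and not the rule's own logic: it lists who touched the monitored folder and which operations they performed. It assumes the Office 365 connector is populating the `OfficeActivity` table; the folder URL and the lookback window are placeholders to replace.

```kql
// Added example. MonitoredFolder is a placeholder, not a value from this rule.
let MonitoredFolder = "https://<tenant>.sharepoint.com/sites/<site>/Shared Documents/<folder>/";
let Lookback = 7d; // assumed triage window
OfficeActivity
| where TimeGenerated > ago(Lookback)
| where OfficeWorkload == "SharePoint"
// OfficeObjectId holds the full URL of the file or folder that was acted on.
| where OfficeObjectId startswith MonitoredFolder
| summarize
    Events    = count(),
    FirstSeen = min(TimeGenerated),
    LastSeen  = max(TimeGenerated),
    Files     = make_set(SourceFileName, 50),
    ClientIPs = make_set(ClientIP, 20)
    by UserId, Operation
| order by LastSeen desc
```

The `UserId` and `ClientIPs` values returned here are the pivots for step 2, and the result set can be exported as part of the evidence in step 4.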