Managed Sentinel – Alert 004
|Alert Name||Monitor and alert on activity for specific SharePoint file or folder|
|Description||This alert triggers when unusual activity is seen on a specific SharePoint folder specified by the customer.|
|Threat Indicator||Unauthorized Access|
|MITRE ATT&CK Tactics||Exfiltration|
|Recommendations||1. In Sentinel, investigate the user ID and the type of operations performed on this folder/file. Identify whether any unauthorized changes were made.
2. Use the investigation tool in Sentinel to see whether any lateral movement from the same user ID has occurred in your network environment.
3. Disable the account if it is identified as malicious.
4. Gather logs and evidence for future investigations.|
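
One way to express this alert as a Sentinel scheduled query over the `OfficeActivity` table, added here as an example and not Managed Sentinel's own rule. It treats "unusual activity" as any monitored file operation in the watched folder by a user outside an approved list, which is an assumption; the site URL, folder path and user list are placeholders to replace with the customer's values.

```kql
// Added example: file activity on one watched SharePoint folder by unapproved users.
// Assumption: placeholder site URL, folder path and allow-list; replace with customer values.
let WatchedSite = "https://contoso.sharepoint.com/sites/finance/";
let WatchedFolder = "Shared Documents/Payroll";
let ApprovedUsers = dynamic(["alice@contoso.com", "bob@contoso.com"]);
// Assumption: the operations considered relevant for this folder.
let MonitoredOperations = dynamic([
    "FileAccessed", "FileDownloaded", "FileSyncDownloadedFull",
    "FileModified", "FileUploaded", "FileCopied",
    "FileMoved", "FileRenamed", "FileDeleted"
]);
OfficeActivity
| where TimeGenerated > ago(1h)
| where OfficeWorkload in ("SharePoint", "OneDrive")
| where Operation in (MonitoredOperations)
| where Site_Url =~ WatchedSite
| where SourceRelativeUrl startswith WatchedFolder   // also matches subfolders
| where UserId !in~ (ApprovedUsers)
// One row per user and source IP, with the evidence needed for triage.
| summarize
    Operations = make_set(Operation),
    Files      = make_set(SourceFileName, 50),
    EventCount = count(),
    FirstSeen  = min(TimeGenerated),
    LastSeen   = max(TimeGenerated)
    by UserId, ClientIP, Site_Url, SourceRelativeUrl
| order by EventCount desc
```

The `UserId` and `ClientIP` columns in the result are the starting points for the investigation steps listed in the recommendations.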