Managed Sentinel – Alert 206
Microsoft Cloud App Security alert
This alert indicates that Microsoft Cloud App Security (MCAS) has raised an alert based on its configured policies.
Various indicators, depending on the user activity that triggered the MCAS alert.
MITRE ATT&CK Tactics
Various tactics, depending on the user activity that triggered the MCAS alert.
Microsoft Cloud App Security
1. Review the suspicious activity identified by MCAS.
2. Contact the user if applicable.
3. Look for additional indicators of compromise related to the user or the system identified in the alert.