Search and Investigation Part 2: Audit Log

Time: 6 hours 59 minutes
Difficulty: Intermediate
CEU/CPE: 7
Video Transcription
00:00
Welcome back to the MS 365 Security Administration course.
00:05
I'm pumped to be your instructor, Jim Deng's.
00:08
We're on module five, M365 compliance.
00:12
Lesson
00:13
tress
00:14
search and investigation
00:16
part two: audit log.
00:18
In this lesson,
00:20
we're going to go over
00:21
permissions required to search the audit log,
00:25
permissions required to search the audit log, how to configure audit policies.
00:31
This is a part of my childhood,
00:33
Ren and Stimpy.
00:34
In fact, recently they're looking at doing a reboot of Ren and Stimpy,
00:40
kind of cool.
00:41
So if you watched Ren and Stimpy, you know the log song. Logs. Or better than that,
00:49
you can search for these types of activities within M365 through logs:
00:56
user activity in SharePoint and OneDrive,
00:58
activity in Exchange,
01:00
even have Exchange mailbox audit logging,
01:03
admin activity in SharePoint, admin activity in Azure AD,
01:08
admin activity in Exchange Online, user and admin activity in Sway, if you use Sway,
01:15
user and admin activity in Power BI,
01:18
user and admin activity in Teams, user and admin activity in Yammer.
01:23
And Microsoft is continuously adding more to the audit log search.
01:29
Configuring audit policies.
01:32
Microsoft 365 auditing policies enable organizations to log events
01:38
such as viewing, editing and deleting content like email messages, documents, task lists,
01:44
issues lists, discussion groups, calendars.
01:49
So all of these events
01:52
can be logged.
01:53
So if you have someone who wants to know who deleted one document,
01:57
check the audit log.
02:00
You have a policy when you think they can get in the work on it.
02:04
If there's a certain document in SharePoint Online and they want to know whenever it's edited,
02:07
they can go in and set their own or user-based alarms based on the audit log.
02:13
Pretty cool stuff.
02:15
Once auditing is turned on,
02:17
an admin
02:19
or compliance officer can search for hundreds of individual types of events from M365.
02:28
Some of the reasons you may want to search are to discover user and administrative activities or even find eDiscovery-related activities.
02:38
You can filter search results
02:39
when you run an audit log search, and when the results are displayed, just click Filter results, so you have pre-filter and post-filter.
02:50
Exporting search results.
02:52
The results of an audit log search can be exported into a CSV file.
02:57
That CSV file can be searched, sorted, filtered and have other advanced data features applied to it within Excel.
03:07
Advanced Audit.
03:09
High-value events power quicker investigations.
03:14
process inside show contacts and key patterns.
03:16
Longer-term retention
03:19
to meet investigation and compliance requirements. Near real-time access to data to enable fast access to audit events.
03:30
Quiz.
03:30
eDiscovery actions, such as searches and exports,
03:34
are searchable in the Office 365 audit logs. True
03:38
Well, folks,
03:43
The answer to that, of course, is true. Yeah,
03:49
I'm going to give you guys a little bit of time to read the parody comic
03:53
for Schoolhouse Rock.
04:02
To recap this short lesson: M365 auditing policies
04:06
enable organizations to log events such as viewing, editing and deleting content,
04:13
such as email messages, documents
04:15
with
04:16
library items, discussion groups, calendars.
04:20
Thank you for joining me on this lesson.
04:23
See you for the next one. Take care.
MS-500: Microsoft 365 Security Administration

The Microsoft 365 Security Administration course is designed to prepare students to take and pass the MS-500 certification exam. The course covers the four domains of the exam, providing students with the knowledge and skills they need to earn their credential.
