Investigation Scenario 🔎

Your SIEM flags an OAuth consent grant to “Adobe Secure Share” from a user's M365 account at 07:13 AM. The audit log shows consent to the Files.ReadWrite.All permission.

What do you look for to investigate whether an incident occurred?

#InvestigationPath #DFIR #SOC