What Changed
Adds a new Miro solution to Microsoft Sentinel, providing enterprise collaboration platform monitoring through two CCF-based data connectors.
Data Source
Miro is a visual collaboration platform. The solution provides security monitoring for enterprise deployments with:
- Miro Audit Logs (Enterprise Plan): Authentication events, administrative actions, access control changes
- Miro Content Logs (Enterprise + Enterprise Guard): Content creation, modification, deletion, and sharing activities
Ingestion Mechanism
Both connectors are CCF-based RestApiPoller connectors that authenticate with OAuth 2.0. They populate the MiroAuditLogs_CL and MiroContentLogs_CL custom tables for audit and content activity monitoring.
Detection Surface Unlocked
- User authentication and access pattern monitoring
- Content sharing and data exfiltration detection
- Administrative configuration change tracking
- Insider threat and compliance monitoring
- Team and organization security oversight
Affected Files
- Solutions/Miro/Data Connectors/MiroAuditLogs_CCF/ (4 files)
- Solutions/Miro/Data Connectors/MiroContentLogs_CCF/ (4 files)
- Solutions/Miro/Package/ (packaging artefacts)
- Solutions/Miro/README.md
- (logo and metadata files)