Has anyone ingested their Microsoft Intune Audit Logs into Elastic for alerting purposes? For example, if there's a specific audit log event on Intune, it gets ingested into Elastic to create an alert ticket.
I'm looking to do that - to ingest all the Intune logs to Elastic, and have Elastic match for alert rulesets on the ingested Intune data. Are these rules readily available?
We haven't tried it and are waiting for someone to confirm that they've done it.
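The thread asks whether alert rulesets for ingested Intune audit data are available. As an added example (not from any poster, and not Elastic's own rule format), the block below shows the kind of matching such a ruleset would perform: a few rules evaluated over constructed audit events whose field names are assumed to follow the shape of Microsoft Graph `deviceManagement/auditEvents`.

```python
"""Evaluate simple alert rules over Intune-style audit events (added example)."""
from dataclasses import dataclass
from typing import Callable

# Constructed sample events; field names assumed to mirror Graph auditEvents.
SAMPLE_EVENTS = [
    {"id": "evt-1", "componentName": "DeviceConfiguration", "activityType": "Patch",
     "activityOperationType": "Patch", "activityResult": "Success",
     "actor": {"userPrincipalName": "admin@example.test", "applicationDisplayName": None}},
    {"id": "evt-2", "componentName": "ManagedDevices", "activityType": "wipe ManagedDevice",
     "activityOperationType": "Action", "activityResult": "Success",
     "actor": {"userPrincipalName": "helpdesk@example.test", "applicationDisplayName": None}},
    {"id": "evt-3", "componentName": "DeviceConfiguration", "activityType": "Delete",
     "activityOperationType": "Delete", "activityResult": "Success",
     "actor": {"userPrincipalName": None, "applicationDisplayName": "Automation App"}},
]

@dataclass
class Rule:
    name: str
    severity: str
    match: Callable[[dict], bool]  # predicate over one audit event

# Illustrative rules (hypothetical names): things a defender may want a ticket for.
RULES = [
    Rule("intune-device-wipe", "high",
         lambda e: "wipe" in e.get("activityType", "").lower()),
    Rule("intune-config-deleted", "medium",
         lambda e: e.get("componentName") == "DeviceConfiguration"
         and e.get("activityOperationType") == "Delete"),
    Rule("intune-change-by-app-identity", "low",
         lambda e: bool(e.get("actor", {}).get("userPrincipalName") is None
                        and e.get("actor", {}).get("applicationDisplayName"))),
]

def evaluate(events, rules=RULES):
    """Return one alert record per (event, rule) pair that matches."""
    alerts = []
    for e in events:
        for r in rules:
            if r.match(e):
                actor = e.get("actor", {})
                who = actor.get("userPrincipalName") or actor.get("applicationDisplayName") or "unknown"
                alerts.append({"rule": r.name, "severity": r.severity,
                               "event_id": e["id"], "actor": who})
    return alerts

if __name__ == "__main__":
    for alert in evaluate(SAMPLE_EVENTS):
        print(alert)
```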