While it is true that the agent has received some updates during these last months, we can still see lots of relevant security events not covered. In fact, only the following ones are supported:

1 ExchangeAdmin
2 ExchangeItem
3 ExchangeItemGroup
4 SharePoint
6 SharePointFileOperation
8 AzureActiveDirectory
9 AzureActiveDirectoryAccountLogon
11 ComplianceDLPSharePoint
13 ComplianceDLPExchange
14 SharePointSharingOperation
33 ComplianceDLPSharePointClassification
55 SharePointContentTypeOperation
56 SharePointFieldOperation

This is just a subset of the events produced
Actually, as a security solution, they should focus on all the relevant ones for security monitoring. At first glance, I still miss many other events, to highlight:

24 Discovery
28 ThreatIntelligence
41 ThreatIntelligenceUrl
47 ThreatIntelligenceAtpContent

Is it too difficult to support them? I'm not asking for all of them, nor for the types "seen in the wild/nor documented", but just the ones needed to ensure proper security monitoring.