major_audit_agent
by Major
Major AI Activity Reporter Agent brings insights and recommendations on all the major tech users
The Major AI Activity Audit Reporter is a security analyst agent that specializes in AI activity auditing and integrates with Microsoft Sentinel to retrieve and analyze AI agent invocation data. The agent works with Sentinel's Log Analytics workspace to access the table, executing a coordinated series of KQL queries to identify usage anomalies, security concerns, and behavioral patterns in AI agent activities across the organization.
Agent Tasks:
- Execute six coordinated KQL audits:
  - Activity summary by user (total invocations, applications used, resource types accessed, failure counts)
  - Week-over-week volume trending to identify usage spikes
  - First-time resource type access detection (comparative analysis against historical baseline)
  - High-frequency burst activity detection (hourly activity patterns and anomalies)
  - SQL query pattern tracking and flagging (identifies database queries and sensitive operations)
  - Off-hours activity flagging (identifies activity outside business hours: 9 AM–5 PM)
- Synthesize audit findings into a natural language narrative with risk classification
Inputs:
- TimeRange parameter (configurable lookback period in days; default: 7 days)
- Microsoft Sentinel Log Analytics workspace with ingested table containing AI agent activity telemetry (userEmail, userName, applicationName, resourceType, status, timestamp, payload data)
Outputs:
- Structured audit narrative report including activity summaries, volume analysis, new resource access flags, burst pattern alerts, SQL query inventory, off-hours activity detection
- Risk verdict classification (GREEN/YELLOW/RED) with specific anomalies identified
- Recommended investigation actions and remediation guidance for flagged behaviors