Hi All,
Has anyone successfully been able to pull the logs (Sign-in and Audit logs) of Active Directory via Azure Event Hub? If yes, which method did you follow?
Any other recommended method? Thanks in advance.
Yes. Here's how:
insights-logs-signinlogs
and insights-logs-auditlogs
Thanks @jconger, it worked.
Can we define a sourcetype for the sign-in and audit logs? Currently the sourcetype is defined as amdl:diagnosticLogs.
Yes - modify logCategories.json
Thanks for the quick reply @jconger, you mean I need to update "MICROSOFT.AADIAM/AUDIT" or "MICROSOFT.AADIAM/SIGNIN" with?
"MICROSOFT.AADIAM/AUDIT": "amdl:aadal:audit",
"MICROSOFT.AADIAM/SIGNIN": "amdl:aadal:signin"
@jconger did you get a chance to have a look?
@jconger please help.