All Apps and Add-ons

Is there any way to capture the Risky Sign-ins from Azure into Splunk?

anandhalagarasa
Path Finder

Hi Team,

Is there any way to capture the Risky Sign-ins from Azure into Splunk so that will be helpful to implement the same in our environment.

Kindly note we have already installed Splunk Add-on For Microsoft services in our Search Head server. But not sure how to proceed further to capture the Risky Sign-ins from Azure environment.

Labels (1)
Tags (1)
0 Karma

aplackemeier
Explorer

index=* "riskState" | spath riskState | search riskState=atRisk

0 Karma

Darky86
New Member

Sorry to resurrect a superdead thread, but we are dealing with the same issue 2 years later. Is there an app that is able to import Risky Sign-ins, Risky Users and the like from Azure AD Identity Security into Splunk?

0 Karma

jconger
Splunk Employee
Splunk Employee

The Splunk Add-on for Microsoft Cloud Services does not currently integrate with the Azure AD Identity Protection graph API (https://docs.microsoft.com/en-us/azure/active-directory/active-directory-identityprotection-graph-ge... ) You can use the Splunk Add-on builder to interface with this API to pull these events though.

0 Karma

hughkelley
Path Finder

I think this app will fill the gap @jconger describes:

Microsoft Graph Security API Add-On for Splunk


https://splunkbase.splunk.com/app/4564/

0 Karma

anandhalagarasa
Path Finder

Can anyone help on this request

0 Karma

anandhalagarasa
Path Finder

Can anyone help?

0 Karma
Get Updates on the Splunk Community!

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...