All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Microsoft Azure Active Directory Add-on for Splunk - Azure AD Group Data

splunkmachine
Explorer
‎06-12-2019 05:24 AM

I've installed version Version 1.2.1 (June 10, 2019) of Microsoft Azure Active Directory Add-on for Splunk and can now obtain the Azure AD User data.

Is it possible to make a modification to the TA to collect the group data from Azure AD via a rest api to collect from microsoft graph.

0 Karma
Reply

bmarrable
New Member
‎03-24-2021 02:26 AM

Has anything progressed on this subject, I'm very keen to get Microsoft Group Membership information into Splunk, either as an additional field in the azure:aad:user sourcetype or as a seperate input as azure:aad:group. This would be useful to prioritise and categorise users in Enterprise Security's Identity Framework

0 Karma
Reply

splunkmachine
Explorer
‎06-20-2019 05:06 AM

I believe it would require a new import module writing - input_module_MS_AAD_group.py

    url = "https://graph.microsoft.com/v1.0/groups?$expand=members"
0 Karma
Reply

Dworsnop
Path Finder
‎09-16-2019 03:58 AM

Hi, do you have any further details of the python script you mention? As far as I can see it doesn't already exist within the Azure AD TA.

Has anyone else done this?

Thanks in advance.

0 Karma
Reply
Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...