I've installed Version 1.2.1 (June 10, 2019) of the Microsoft Azure Active Directory Add-on for Splunk and can now obtain the Azure AD User data.
Is it possible to make a modification to the TA to collect the group data from Azure AD via a REST API call to Microsoft Graph?
Has anything progressed on this subject? I'm very keen to get Microsoft Group Membership information into Splunk, either as an additional field in the azure:aad:user sourcetype or as a separate input as azure:aad:group. This would be useful to prioritise and categorise users in Enterprise Security's Identity Framework.
I believe it would require a new import module writing - input_module_MS_AAD_group.py
url = "https://graph.microsoft.com/v1.0/groups?$expand=members"
Hi, do you have any further details of the Python script you mention? As far as I can see it doesn't already exist within the Azure AD TA.
Has anyone else done this?
Thanks in advance.
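
An added sketch, not code from this thread or from the add-on, of the collection logic such a group input would need around the Graph URL quoted above: it follows `@odata.nextLink` paging and flags groups whose expanded member list hits Graph's 20-object `$expand` limit, so they can be re-read from `/groups/{id}/members`. The `fetch` callable and the event field names are assumptions, and the sample pages are constructed.

```python
"""Added sketch: page through Microsoft Graph groups and emit one event per group."""
import json

GROUPS_URL = "https://graph.microsoft.com/v1.0/groups?$expand=members"
EXPAND_CAP = 20  # Graph returns at most 20 expanded directory objects per group


def iter_group_events(fetch, url=GROUPS_URL):
    """Yield one dict per group; `fetch(url)` (hypothetical) returns parsed JSON."""
    seen_urls = set()
    while url:
        if url in seen_urls:  # guard against a nextLink that loops back
            raise RuntimeError("repeated nextLink: " + url)
        seen_urls.add(url)
        page = fetch(url)
        for group in page.get("value", []):
            members = group.get("members", [])
            yield {
                "sourcetype": "azure:aad:group",
                "id": group.get("id"),
                "displayName": group.get("displayName"),
                # Non-user members (e.g. service principals) have no UPN; keep their id.
                "members": [m.get("userPrincipalName") or m.get("id") for m in members],
                # At the cap the list may be cut short; re-read it from the
                # paged /groups/{id}/members endpoint before trusting it.
                "members_truncated": len(members) >= EXPAND_CAP,
            }
        url = page.get("@odata.nextLink")


# Constructed sample pages standing in for Graph responses (not real tenant data).
_PAGE2 = "https://graph.microsoft.com/v1.0/groups?$expand=members&$skiptoken=SAMPLE"
SAMPLE_PAGES = {
    GROUPS_URL: {
        "@odata.nextLink": _PAGE2,
        "value": [{"id": "g-1", "displayName": "SOC Analysts",
                   "members": [{"id": "u-1", "userPrincipalName": "alice@example.com"},
                               {"id": "sp-9"}]}],
    },
    _PAGE2: {
        "value": [{"id": "g-2", "displayName": "All Staff",
                   "members": [{"id": "u-%d" % i} for i in range(20)]}],
    },
}


def collect_sample():
    """Run the pager over the constructed pages and return the events."""
    return list(iter_group_events(SAMPLE_PAGES.__getitem__))


if __name__ == "__main__":
    for event in collect_sample():
        print(json.dumps(event))
```

For identity prioritisation, a group flagged `members_truncated` should not be treated as a complete membership list.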