Microsoft Azure Active Directory Add-on for Splunk...

splunkmachine · ‎06-12-2019

I've installed version Version 1.2.1 (June 10, 2019) of Microsoft Azure Active Directory Add-on for Splunk and can now obtain the Azure AD User data.

Is it possible to make a modification to the TA to collect the group data from Azure AD via a rest api to collect from microsoft graph.

bmarrable · ‎03-24-2021

Has anything progressed on this subject, I'm very keen to get Microsoft Group Membership information into Splunk, either as an additional field in the azure:aad:user sourcetype or as a seperate input as azure:aad:group. This would be useful to prioritise and categorise users in Enterprise Security's Identity Framework

splunkmachine · ‎06-20-2019

I believe it would require a new import module writing - input_module_MS_AAD_group.py

    url = "https://graph.microsoft.com/v1.0/groups?$expand=members"

Dworsnop · ‎09-16-2019

Hi, do you have any further details of the python script you mention? As far as I can see it doesn't already exist within the Azure AD TA.

Has anyone else done this?

Thanks in advance.

Microsoft Azure Active Directory Add-on for Splunk - Azure AD Group Data

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Design, Compete, Win: Submit Your Best Splunk Dashboards for a .conf26 Pass

May 2026 Splunk Expert Sessions: Security & Observability

Network to App: Observability Unlocked [May & June Series]

Join the Conversation