All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Microsoft Azure Active Directory Add-on for Splunk - Azure AD Group Data

splunkmachine
Explorer
‎06-12-2019 05:24 AM

I've installed version Version 1.2.1 (June 10, 2019) of Microsoft Azure Active Directory Add-on for Splunk and can now obtain the Azure AD User data.

Is it possible to make a modification to the TA to collect the group data from Azure AD via a rest api to collect from microsoft graph.

0 Karma
Reply

bmarrable
New Member
‎03-24-2021 02:26 AM

Has anything progressed on this subject, I'm very keen to get Microsoft Group Membership information into Splunk, either as an additional field in the azure:aad:user sourcetype or as a seperate input as azure:aad:group. This would be useful to prioritise and categorise users in Enterprise Security's Identity Framework

0 Karma
Reply

splunkmachine
Explorer
‎06-20-2019 05:06 AM

I believe it would require a new import module writing - input_module_MS_AAD_group.py

    url = "https://graph.microsoft.com/v1.0/groups?$expand=members"
0 Karma
Reply

Dworsnop
Path Finder
‎09-16-2019 03:58 AM

Hi, do you have any further details of the python script you mention? As far as I can see it doesn't already exist within the Azure AD TA.

Has anyone else done this?

Thanks in advance.

0 Karma
Reply
Get Updates on the Splunk Community!

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...