Microsoft Azure Add-on for Splunk - non-interactive signins

wstarowicz
Path Finder

Hi, I'm trying to get sign-ins for Azure. It seems that the add-on is only fetching interactive sign-ins and not the non-interactive ones. Is there a possibility to fetch these also? They are shown in the Azure console as "User sign-ins (non-interactive)".

hughkelley
Path Finder

Azure AD sign-in logs -> Azure event hub -> Splunk.

Just make sure you're using v4.1.3 of the Splunk Add-on for Microsoft Cloud Services. Prior versions didn't handle event hubs properly.

https://splunkbase.splunk.com/app/3110/

0 Karma

hughkelley
Path Finder

The latest version of the Splunk Add-on for Microsoft Cloud Services (4.1.3) reads from event hubs. You can send the non-interactive sign-in Azure logs to an event hub and then consume from there.

0 Karma

hughkelley
Path Finder

I'm looking for the same. Based on this blog and my poking around the Graph API, I don't think they're easily accessible.

https://www.michev.info/Blog/Post/3127/azure-ad-sign-in-logs-for-service-principals-and-other-recent...

I'm looking into the Log Analytics Space -> Splunk options now.

0 Karma