Splunk Add-on for Microsoft Cloud Services: How to receive sign-in and audit log data

ptur
Path Finder

Hello,

We have recently installed this Azure add-on. I can successfully receive data from O365 Management APIs, Azure resources... however, the only data we really need is the data that can be accessed from the Azure portal by going to Azure Active Directory -> Activity -> Sign-ins and Audit Logs.

Has anyone had any success pulling in this data?

Thanks!

jconger
Splunk Employee

The Azure AD sign-in and audit data can be accessed with this add-on -> https://splunkbase.splunk.com/app/3757/

Here is what the add-on collects:

Sign-in data
- Application targeted for sign-in
- Date/time of the sign-in
- Status of login (success/fail)
- Failure reason if applicable
- User
- Geo data like coordinates, city, state, zip

Audit activity data
- Activity
- Actor (IP address, user name)
- Targets (what was changed including old and new values)
- Tenant details

0 Karma