Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Microsoft Azure Add on for Splunk NO authenticationDetail resource type

zschmerber
Explorer
‎07-27-2021 07:32 AM

It seems that the authenticationDetail resource type is no longer part of the: Sign-ins - Azure AD sign-ins including conditional access policies and MFA

After researching the issue it seems only the Beta API NOT the v1.0 API has the data we want. However toggling the addon to Beta Has not affect on the log structure we still don't see authenticationDetail resource type in the logs. 

Microsoft Azure Add-on for Splunk Version: 3.1.1
Splunk Enterprise 8.1

Is this a problem with the TA not having the correct python to pull the data or the MS API changing ? worked in April this year. 

Labels (1)
Labels
0 Karma
Reply

zschmerber
Explorer
‎07-27-2021 09:40 AM

I was able to fix this by reinstalling the app.

0 Karma
Reply
Get Updates on the Splunk Community!

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...