Security

Microsoft Azure Add on for Splunk NO authenticationDetail resource type

zschmerber
Explorer

It seems that the authenticationDetail resource type is no longer part of the: Sign-ins - Azure AD sign-ins including conditional access policies and MFA

After researching the issue it seems only the Beta API NOT the v1.0 API has the data we want. However toggling the addon to Beta Has not affect on the log structure we still don't see authenticationDetail resource type in the logs. 

Microsoft Azure Add-on for Splunk Version: 3.1.1
Splunk Enterprise 8.1

Is this a problem with the TA not having the correct python to pull the data or the MS API changing ? worked in April this year. 

0 Karma

zschmerber
Explorer

I was able to fix this by reinstalling the app.

0 Karma
Get Updates on the Splunk Community!

See just what you’ve been missing | Observability tracks at Splunk University

Looking to sharpen your observability skills so you can better understand how to collect and analyze data from ...

Weezer at .conf25? Say it ain’t so!

Hello Splunkers, The countdown to .conf25 is on-and we've just turned up the volume! We're thrilled to ...

How SC4S Makes Suricata Logs Ingestion Simple

Network security monitoring has become increasingly critical for organizations of all sizes. Splunk has ...