Security
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Microsoft Azure Add on for Splunk NO authenticationDetail resource type

zschmerber
Explorer
‎07-27-2021 07:32 AM

It seems that the authenticationDetail resource type is no longer part of the: Sign-ins - Azure AD sign-ins including conditional access policies and MFA

After researching the issue it seems only the Beta API NOT the v1.0 API has the data we want. However toggling the addon to Beta Has not affect on the log structure we still don't see authenticationDetail resource type in the logs. 

Microsoft Azure Add-on for Splunk Version: 3.1.1
Splunk Enterprise 8.1

Is this a problem with the TA not having the correct python to pull the data or the MS API changing ? worked in April this year. 

0 Karma
Reply

zschmerber
Explorer
‎07-27-2021 09:40 AM

I was able to fix this by reinstalling the app.

0 Karma
Reply
Get Updates on the Splunk Community!

SOC4Kafka - New Kafka Connector Powered by OpenTelemetry

The new SOC4Kafka connector, built on OpenTelemetry, enables the collection of Kafka messages and forwards ...

Your Voice Matters! Help Us Shape the New Splunk Lantern Experience

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Building Momentum: Splunk Developer Program at .conf25

At Splunk, developers are at the heart of innovation. That’s why this year at .conf25, we officially launched ...