Hi Team,
We are trying to build a dashboard for the Azure PIM logs in splunk to visualize who all are elevating their admin roles in Azure and what are the activities they are performing and how often they require the role, unfortunately we are not able to filter the action in splunk. In the operations list we couldn't identify anything related to PIM. please help with the search index
index=client* sourcetype="o365:management:activity" Workload=AzureActiveDirectory action
Regards,
Sai
Hi,
Did you find a way to identify something related to PIM ?