Hello everyone, we are trying to get Azure Information Protection data into Splunk, specifically, we need to get insights on who are the users that uses Azure Information Protection to classify files. I really don't have any experience with Azure and Microsoft Cloud, and from my researches I've found some add-ons, but don't know if they're useful or not. Splunk add-on for Microsoft Graph API: this seems only importing security alerts related to (also) AIP. Splunk add-on for Microsoft Cloud Services: it allows to pull data directly from Azure assets, but don't know if AIP data are in the perimeter. Microsoft Azure add-on for Splunk: it allows collection of a large perimeter of informations, but same as the previous point. Can you help me to clear my mind on this variety of add-ons and see if one of those add-ons (or maybe another one that i forgot to mention) is suitable for our needs? Thank you so much.
... View more