Re: Microsoft Azure Add-on for Splunk - non-intera...

wstarowicz · ‎10-22-2020

Hi, I'm trying to get Sign-ins for Azure. It seems that add-on is only fetching interactive sign-ins and not-interactive not. IS there a possibility to fetch these also? They are showing in Azure console as "User sign-ins (non-interactive)"

.

hughkelley · ‎06-09-2021

Azure AD sign-in logs -> Azure event hub -> Splunk.

Just make sure you're using v4.1.3 of the Splunk Add-on for Microsoft Cloud Services. Prior versions didn't handle event hubs properly.

https://splunkbase.splunk.com/app/3110/

hughkelley · ‎06-02-2021

The latest version of the Splunk Add-on for Microsoft Cloud Services (4.1.3) reads from event hubs. You can send the non-interactive sign-in Azure logs to an event hub and then consume from there.

hughkelley · ‎05-27-2021

I'm looking for the same. Based on this blog and my poking around the Graph API, I don't think they're easily accessible.

https://www.michev.info/Blog/Post/3127/azure-ad-sign-in-logs-for-service-principals-and-other-recent...

I'm looking into the Log Analytics Space -> Splunk options now.

Microsoft Azure Add-on for Splunk - non-interactive signins

configuration

development

troubleshooting

Introducing the Splunk Community Dashboard Challenge!

Wondering How to Build Resiliency in the Cloud?

Updated Data Management and AWS GDI Inventory in Splunk Observability