
How do we ingest Microsoft Azure AD sign-in logs into Splunk?

anandhalagarasa
Path Finder

Hi Team,

When I log into the Azure portal and navigate to Azure Active Directory, under Monitoring, I need to ingest the Sign-ins logs into Splunk.

How can I ingest those logs into Splunk? Do we have any procedure or document to ingest those logs into Splunk? We already have the Splunk Add-on for Microsoft Cloud Services installed on our search head server.

So kindly help with the request.

0 Karma

nickhills
Ultra Champion

Splunk changed some of the functionality of that app, and moved it to/improved this new version:
https://splunkbase.splunk.com/app/4055/

This gives you all of the Azure AD logins (and Exchange, SharePoint, OneDrive, etc.).
I am using this app, and it's very effective.

If my comment helps, please give it a thumbs up!

lmjoin
Explorer

Need to know one thing: does the Splunk heavy forwarder need to be installed on an Azure cloud VM, or do these send data to the search head?

0 Karma

bseader
Explorer

Sorry to be late to this party. The app can be installed on a HF. The HF can be on-prem and will poll data from Azure. There is some Azure configuration required for the application to connect to your tenants.

0 Karma