Data Source: Azure Active Directory

Date: 2024-07-18

ID: 51ca21e5-bda2-4652-bb29-27c7bc18a81c

Author: Patrick Bareiss, Splunk

Description

All Azure Active Directory events

Details

Property	Value
Source	`Azure AD`
Sourcetype	`azure:monitor:aad`
Separator	operationName

Supported Apps

Splunk Add-on for Microsoft Cloud Services (version 6.0.0)

Required Output Fields

dest
user
src
vendor_account
vendor_product

Source: GitHub | Version: 1