-
Notifications
You must be signed in to change notification settings - Fork 12
Home
Jason Conger edited this page Jun 9, 2022
·
29 revisions
This add-on collects data from Microsoft Azure including the following:
Azure AD Data
- Users - Azure AD user data
- Interactive Sign-ins - Azure AD sign-ins including conditional access policies and MFA
- Directory audits - Azure AD directory changes including old and new values
- Devices - Registered devices in Azure AD
- Risk Detections Metrics Estimated billing and consumption Inventory metadata
- Resource Groups - Resource group configuration
- Virtual Machines - VM, Disk, Image, and Snapshot configurations
- Virtual Networks - VNET, NSG, and Public IP configurations
- Managed Disks
- Subscriptions - Subscription name, ID, and type
- Topology - IaaS relationships Azure Security Center
- Alerts
- Tasks Azure Resource Graph
This add-on contains the following alert actions:
- Stop Azure VM - stops an Azure Virtual Machine.
- Add member to group - adds a user to a group. This can be useful if you need to enable additional policies like MFA based on search results.
- Dismiss Azure Alert - dismisses an Azure Security Center alert.
Version 3.0.0 and later of the Microsoft Azure Add-on for Splunk is compatible only with Splunk Enterprise version 8.0.0 and above.
- Create an Azure AD App Registration
- Configure Permissions for an Azure AD App Registration
- Connect to your Azure Account with Splunk Add-on for Microsoft Azure
- Configure Azure Active Directory inputs
- Configure Azure Metrics inputs
- Configure Security Center Alerts & Tasks inputs
- Configure Azure Subscriptions inputs
- Configure Azure Resource Groups inputs
- Configure Azure Virtual Network inputs
- Configure Azure Compute inputs
- Configure Azure KQL Log Analytics inputs
- Configure Azure Billing and Consumption inputs
- Configure Azure Reservation Recommendation inputs
- Configure Azure Resource Graph inputs
- Configure Azure Topology inputs