azure_active_directory_microsoftgraphactivitylogs.yml
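# Data source definition for Microsoft Graph activity log events
# (category "MicrosoftGraphActivityLogs" in the sample below), as ingested
# under the sourcetype named here.
name: Azure Active Directory MicrosoftGraphActivityLogs
id: 63ff93ba-2bbb-4542-8773-239bf5266367
version: 1
date: '2025-02-21'
author: Bhavin Patel, Splunk
description: Data source object for Azure Active Directory MicrosoftGraphActivityLogs
source: Azure AD
sourcetype: azure:monitor:aad
# Presumably the event field whose value tells this data source apart from
# others sharing the sourcetype; the sample event carries
# operationName "Microsoft Graph Activity". Confirm against the consumer schema.
separator: operationName
supported_TA:
# url and version belong to the add-on entry. Left at column 0 they parse as
# top-level keys, and `version: 5.4.3` then duplicates the object version above
# (most parsers silently keep the last value).
- name: Splunk Add-on for Microsoft Cloud Services
  url: https://splunkbase.splunk.com/app/3110
  version: 5.4.3
# NOTE(review): only _time is declared, although the sample event carries the
# attributes a detection would normally key on (userAgent, requestUri, scopes,
# appId, callerIpAddress/ipAddress, responseStatusCode under "properties").
# Confirm whether the extracted field names should be listed here.
fields:
- _time
# Sample event: a GET against the Graph beta endpoint for a service principal's
# owners ("?$top=999"), issued with userAgent "azurehound/v2.1.8" and delegated
# scopes that include Directory.AccessAsUser.All. It illustrates directory
# enumeration by a collection tool, which is why userAgent, requestUri and
# scopes matter when triaging this log category.
# NOTE(review): confirm the tenant ID, object IDs and source IP in the sample
# come from a lab tenant before reusing it elsewhere.
example_log: '{"time": "2024-04-30T01:22:46.4948958Z", "resourceId": "/TENANTS/225E05A1-5914-4688-A404-7030E60F3143/PROVIDERS/MICROSOFT.AADIAM",
  "operationName": "Microsoft Graph Activity", "operationVersion": "beta", "category":
  "MicrosoftGraphActivityLogs", "resultSignature": "200", "durationMs": "948894",
  "callerIpAddress": "45.83.145.6", "correlationId": "8fb849dd-2abe-4c3e-b202-d71af8d1555b",
  "level": "Informational", "location": "East US 2", "properties": {"__UDI_RequiredFields_TenantId":
  "225e05a1-5914-4688-a404-7030e60f3143", "__UDI_RequiredFields_UniqueId": "8fb849dd-2abe-4c3e-b202-d71af8d1555b",
  "__UDI_RequiredFields_EventTime": 638500369660000000, "__UDI_RequiredFields_RegionScope":
  "NA", "timeGenerated": "2024-04-30T01:22:46.4948958Z", "location": "East US 2",
  "requestId": "8fb849dd-2abe-4c3e-b202-d71af8d1555b", "operationId": "8fb849dd-2abe-4c3e-b202-d71af8d1555b",
  "clientRequestId": "8fb849dd-2abe-4c3e-b202-d71af8d1555b", "apiVersion": "beta",
  "requestMethod": "GET", "responseStatusCode": 200, "tenantId": "225e05a1-5914-4688-a404-7030e60f3143",
  "durationMs": 948894, "responseSizeBytes": 91, "signInActivityId": "KRsphQ_4s0-oHv_Br8qSAQ",
  "roles": "", "appId": "1950a258-227b-4e31-a9cf-717495945fc2", "UserPrincipalObjectID":
  "7b934539-7366-494e-a8ac-3517694d32db", "scopes": "AuditLog.Read.All Directory.AccessAsUser.All
  email openid profile", "identityProvider": "", "clientAuthMethod": "0", "wids":
  "b79fbf4d-3ef9-4689-8143-76b194e85509", "C_Idtyp": "user", "C_Iat": "1714439850",
  "ipAddress": "45.83.145.6", "userAgent": "azurehound/v2.1.8", "requestUri": "https://graph.microsoft.com/beta/servicePrincipals/ffe3e001-d8cf-43a4-89ab-bfce35fd7786/owners?%24top=999",
  "userId": "7b934539-7366-494e-a8ac-3517694d32db", "tokenIssuedAt": "2024-04-30T01:17:30.0000000Z"},
  "tenantId": "225e05a1-5914-4688-a404-7030e60f3143"}'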