
Splunk Add on for Microsoft Azure

This add-on collects data from Microsoft Azure including the following:

Microsoft Entra ID (formerly Azure Active Directory) Data
- Users - Microsoft Entra ID user data
- Interactive Sign-ins - Microsoft Entra ID sign-ins including conditional access policies and MFA
- Directory audits - Microsoft Entra ID directory changes including old and new values
- Devices - Registered devices
- Groups
- Risk Detection

Microsoft Security Graph API

Topology
- IaaS relationships

Azure Security Center
- Alerts
- Tasks

Azure Resource Graph

This add-on contains the following alert actions:
- Stop Azure VM - stops an Azure Virtual Machine.
- Add member to group - adds a user to a group. This can be useful if you need to enable additional policies like MFA based on search results.
- Dismiss Azure Alert - dismisses an Azure Security Center alert.

Version 3.0.0 and later of the Microsoft Azure Add-on for Splunk is compatible only with Splunk Enterprise version 8.0.0 and above.

While this app is not formally supported, the developer can be reached at https://github.com/splunk/splunk-add-on-microsoft-azure/issues. Responses are made on a best-effort basis. Feedback is always welcome and appreciated!

Built by Splunk Works

Latest Version 4.2.0
November 15, 2024
Compatibility
Not Available
Platform Version: 9.4, 9.3, 9.2, 9.1, 9.0, 8.2, 8.1, 8.0
CIM Version: 6.x, 5.x, 4.x
Rating

0

(0)

Support
Not Supported
Ranking

#24

in Security, Fraud & Compliance

#24

in IT Operations
Categories

Created By

Splunk Works

Contributors

Jason Conger

Type

addon

Downloads

63,663
