Data Source: Azure Active Directory MicrosoftGraphActivityLogs
Description
Data source object for Azure Active Directory MicrosoftGraphActivityLogs
Details
| Property | Value |
|---|---|
| Source | Azure AD |
| Sourcetype | azure:monitor:aad |
| Separator | operationName |
Supported Apps
- Splunk Add-on for Microsoft Cloud Services (version 5.4.3)
Event Fields
Example Log
```json
{
  "time": "2024-04-30T01:22:46.4948958Z",
  "resourceId": "/TENANTS/225E05A1-5914-4688-A404-7030E60F3143/PROVIDERS/MICROSOFT.AADIAM",
  "operationName": "Microsoft Graph Activity",
  "operationVersion": "beta",
  "category": "MicrosoftGraphActivityLogs",
  "resultSignature": "200",
  "durationMs": "948894",
  "callerIpAddress": "45.83.145.6",
  "correlationId": "8fb849dd-2abe-4c3e-b202-d71af8d1555b",
  "level": "Informational",
  "location": "East US 2",
  "properties": {
    "__UDI_RequiredFields_TenantId": "225e05a1-5914-4688-a404-7030e60f3143",
    "__UDI_RequiredFields_UniqueId": "8fb849dd-2abe-4c3e-b202-d71af8d1555b",
    "__UDI_RequiredFields_EventTime": 638500369660000000,
    "__UDI_RequiredFields_RegionScope": "NA",
    "timeGenerated": "2024-04-30T01:22:46.4948958Z",
    "location": "East US 2",
    "requestId": "8fb849dd-2abe-4c3e-b202-d71af8d1555b",
    "operationId": "8fb849dd-2abe-4c3e-b202-d71af8d1555b",
    "clientRequestId": "8fb849dd-2abe-4c3e-b202-d71af8d1555b",
    "apiVersion": "beta",
    "requestMethod": "GET",
    "responseStatusCode": 200,
    "tenantId": "225e05a1-5914-4688-a404-7030e60f3143",
    "durationMs": 948894,
    "responseSizeBytes": 91,
    "signInActivityId": "KRsphQ_4s0-oHv_Br8qSAQ",
    "roles": "",
    "appId": "1950a258-227b-4e31-a9cf-717495945fc2",
    "UserPrincipalObjectID": "7b934539-7366-494e-a8ac-3517694d32db",
    "scopes": "AuditLog.Read.All Directory.AccessAsUser.All email openid profile",
    "identityProvider": "",
    "clientAuthMethod": "0",
    "wids": "b79fbf4d-3ef9-4689-8143-76b194e85509",
    "C_Idtyp": "user",
    "C_Iat": "1714439850",
    "ipAddress": "45.83.145.6",
    "userAgent": "azurehound/v2.1.8",
    "requestUri": "https://graph.microsoft.com/beta/servicePrincipals/ffe3e001-d8cf-43a4-89ab-bfce35fd7786/owners?%24top=999",
    "userId": "7b934539-7366-494e-a8ac-3517694d32db",
    "tokenIssuedAt": "2024-04-30T01:17:30.0000000Z"
  },
  "tenantId": "225e05a1-5914-4688-a404-7030e60f3143"
}
```
Source: GitHub | Version: 1