Splunk Add on for Microsoft Azure | Splunkbase

Splunk Add on for Microsoft Azure

This add-on collects data from Microsoft Azure including the following:

Azure AD Data
- Users - Azure AD user data
- Interactive Sign-ins - Azure AD sign-ins including conditional access policies and MFA
- Directory audits - Azure AD directory changes including old and new values
- Devices - Registered devices in Azure AD
- Risk Detections

Metrics

Estimated billing and consumption

Inventory metadata
- Resource Groups - Resource group configuration
- Virtual Machines - VM, Disk, Image, and Snapshot configurations
- Virtual Networks - VNET, NSG, and Public IP configurations
- Managed Disks
- Subscriptions - Subscription name, ID, and type
- Topology - IaaS relationships

Azure Security Center
- Alerts
- Tasks

Azure Resource Graph

This add-on contains the following alert actions:
- Stop Azure VM - stops an Azure Virtual Machine.
- Add member to group - adds a user to a group. This can be useful if you need to enable additional policies like MFA based on search results.
- Dismiss Azure Alert - dismisses an Azure Security Center alert.

Version 3.0.0 and later of the Microsoft Azure Add-on for Splunk is compatible only with Splunk Enterprise version 8.0.0 and above.

Built by Splunk Works

Latest Version 3.2.0
June 22, 2022
Compatibility
Platform Version: 9.0, 8.2, 8.1, 8.0
Rating

3

(22)

Support
Not Supported
Ranking

#22

in IT Operations

#20

in Security, Fraud & Compliance

Categories

IT Operations, Security, Fraud & Compliance

Created By

Splunk Works

Type

addon

Downloads

40812
