AAD Log Analytics Sentinel

Project Log 0 : Monitor logins by accounts assigned Azure AD roles

I started to create a solution, that would list logins based on the users Azure AD admin role. This can be achieved with the use of externalData() operator, and combination of Azure Workbooks,Storage and Functions.

Project description

  • Show admin name and roles, and group events under username attribute
    • Admin list is fetched from storageAccount, which provides the list for admins and roles
    • The list is update every hour by Azure Function that has output binding to the Storage Account
  • Change the desired daterange on picker below to extend monitoring range
Picture from the honeypot environment

Logic to get updated list from Azure Function

Stay tuned for pt2

Br Joosua!

0 comments on “Project Log 0 : Monitor logins by accounts assigned Azure AD roles


Täytä tietosi alle tai klikkaa kuvaketta kirjautuaksesi sisään:


Olet kommentoimassa WordPress.com -tilin nimissä. Log Out /  Muuta )


Olet kommentoimassa Facebook -tilin nimissä. Log Out /  Muuta )

Muodostetaan yhteyttä palveluun %s

%d bloggaajaa tykkää tästä: