Hello experts,
With Azure AD Premium P2 or P1 there is security that includes risky sign-ins. Is there a way this can be streamed into Azure Event Hub for further integration with a SIEM such as QRadar?
Thanks
Recommended answer
Not specifically only the risky sign-ins, but you can stream all sign-in logs to Event Hub or blob storage.
Go to AAD -> Sign-in Logs -> Export Data Settings
Enter the values of your event hub there.
You will have a property on the sign-in messages that will come through the hub that contains the risk state and also other information like conditional access.
I just played around a bit in combination with Functions.
/Peter
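
The filtering step a consumer of the hub would do before forwarding to the SIEM, as an added example that is not part of the original answer. The `records` wrapper and the field names `riskState`, `riskLevelDuringSignIn` and `conditionalAccessStatus` are assumed from the Azure AD sign-in log schema, and the sample message is constructed; check both against events from your own tenant.

```python
import json

# Constructed sample of one Event Hub message body (not from a real tenant).
# Assumption: diagnostic exports wrap log entries in a "records" array.
SAMPLE_MESSAGE = json.dumps({"records": [
    {"time": "2024-01-01T10:00:00Z", "category": "SignInLogs",
     "properties": {"userPrincipalName": "alice@example.com", "ipAddress": "203.0.113.10",
                    "riskState": "atRisk", "riskLevelDuringSignIn": "high",
                    "conditionalAccessStatus": "failure"}},
    {"time": "2024-01-01T10:01:00Z", "category": "SignInLogs",
     "properties": {"userPrincipalName": "bob@example.com", "ipAddress": "198.51.100.7",
                    "riskState": "none", "riskLevelDuringSignIn": "none",
                    "conditionalAccessStatus": "success"}},
    {"time": "2024-01-01T10:02:00Z", "category": "AuditLogs", "properties": {}},
    {"time": "2024-01-01T10:03:00Z", "category": "SignInLogs",
     "properties": {"userPrincipalName": "carol@example.com", "ipAddress": "192.0.2.44",
                    "riskState": "remediated", "riskLevelDuringSignIn": "medium",
                    "conditionalAccessStatus": "success"}},
]})

# Risk states that still need analyst attention (assumed triage policy).
OPEN_RISK_STATES = {"atRisk", "confirmedCompromised"}


def risky_sign_ins(message_body, open_states=OPEN_RISK_STATES):
    """Return flat dicts for sign-ins whose riskState is still open."""
    try:
        records = json.loads(message_body).get("records", [])
    except (ValueError, AttributeError):
        return []  # malformed or non-object payload: skip, do not crash the consumer
    hits = []
    for rec in records:
        props = rec.get("properties") or {}
        if rec.get("category") != "SignInLogs" or props.get("riskState") not in open_states:
            continue
        hits.append({
            "time": rec.get("time"),
            "user": props.get("userPrincipalName"),
            "ip": props.get("ipAddress"),
            "riskState": props.get("riskState"),
            "riskLevel": props.get("riskLevelDuringSignIn"),
            "conditionalAccess": props.get("conditionalAccessStatus"),
        })
    return hits


if __name__ == "__main__":
    for hit in risky_sign_ins(SAMPLE_MESSAGE):
        print(json.dumps(hit))
```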