Azure Active Directory

Version: Azure Active Directory.

Azure Active Directory (Azure AD), an aspect of Microsoft Entra, is an enterprise identity service that offers single sign-on, multifactor authentication, and conditional access to help protect against cybersecurity threats. Azure AD uses strong authentication and risk-based adaptive access policies to help protect access to resources and data.

Netsurion Open XDR facilitates monitoring events from Azure Active Directory. The dashboard, categories, alerts, and reports interface in Netsurion Open XDR helps track Azure Active Directory activities and changes, so that any suspicious activity performed in Azure Active Directory can be detected.

Netsurion Data Source Integration for Azure Active Directory allows you to monitor the following components.

  • Security – Alerts and Reports for all security-related events.

Once Azure Active Directory log forwarding is enabled and Azure Active Directory logs are received in Netsurion Open XDR, the alerts and reports can be configured within the platform.

The following are the key Data Source Integrations available in Netsurion Open XDR.

Alerts

Type     | Name                                                  | Description
Security | Azure Active Directory – Sign in failure              | This alert indicates that an attempt was made to sign in without proper credentials.
Security | Azure Active Directory – Sign in blocked              | This alert indicates that an attempt was made to sign in from a malicious IP address or from a device not trusted by Azure Active Directory.
Security | Azure Active Directory – User risk detection          | This alert indicates that the user attempted a risky event in Azure Active Directory.
Security | Azure Active Directory – Audit operations failure     | This alert provides the details of failed attempts at update operations in Azure Active Directory.

Reports

Type     | Name                                                  | Description
Security | Azure Active Directory – Audit Operations             | This report provides a detailed summary of the audit and performance activities in Azure Active Directory. It includes Tenant ID, User Mail ID, Activity Type along with its result, Activity Time, and Caller IP.
Security | Azure Active Directory – Sign in Failures             | This report provides a detailed summary of the sign-in failure activities in Azure Active Directory. It includes Source IP, Tenant ID, User Mail ID, Authentication Type, etc.
Security | Azure Active Directory – Sign in Success              | This report provides a detailed summary of the sign-in success activities in Azure Active Directory. It includes Source IP, Tenant ID, User Mail ID, Authentication Type, etc.
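To make the alert and report definitions above concrete, the following added example (not Netsurion's own rule logic or code) classifies a handful of constructed Azure Active Directory sign-in and audit records into the four alert types and builds the three report views with the columns listed. The record layout follows the Microsoft Graph signIn and directoryAudit shape (status.errorCode, riskState, authenticationRequirement, initiatedBy.user); the sample records, the tenant ID, and the error-code-to-alert mapping (50126 for bad credentials, 50053 and 53003 for blocked sign-ins) are assumptions made for the illustration.

```python
"""Classify Azure AD sign-in / audit records into the alerts and reports on this page.

Added example. Field names follow the Microsoft Graph signIn / directoryAudit
resources; sample values, TENANT_ID and the error-code sets are constructed.
"""
from collections import defaultdict

# Assumed AADSTS error-code mapping for the two sign-in alerts (not Netsurion's rules).
BLOCKED_ERROR_CODES = {50053, 53003}   # account locked / malicious IP, blocked by Conditional Access
TENANT_ID = "00000000-0000-0000-0000-000000000000"  # constructed placeholder tenant

# Constructed sample sign-in records (trimmed Graph signIn shape).
SAMPLE_SIGNINS = [
    {"createdDateTime": "2024-05-01T08:00:00Z", "userPrincipalName": "alice@contoso.example",
     "ipAddress": "203.0.113.10", "authenticationRequirement": "multiFactorAuthentication",
     "status": {"errorCode": 0}, "riskLevelDuringSignIn": "none", "riskState": "none"},
    {"createdDateTime": "2024-05-01T08:05:00Z", "userPrincipalName": "bob@contoso.example",
     "ipAddress": "198.51.100.7", "authenticationRequirement": "singleFactorAuthentication",
     "status": {"errorCode": 50126, "failureReason": "Invalid username or password"},
     "riskLevelDuringSignIn": "none", "riskState": "none"},
    {"createdDateTime": "2024-05-01T08:06:00Z", "userPrincipalName": "bob@contoso.example",
     "ipAddress": "198.51.100.7", "authenticationRequirement": "singleFactorAuthentication",
     "status": {"errorCode": 50053, "failureReason": "Account locked"},
     "riskLevelDuringSignIn": "none", "riskState": "none"},
    {"createdDateTime": "2024-05-01T08:10:00Z", "userPrincipalName": "carol@contoso.example",
     "ipAddress": "192.0.2.44", "authenticationRequirement": "singleFactorAuthentication",
     "status": {"errorCode": 0}, "riskLevelDuringSignIn": "medium", "riskState": "atRisk"},
]

# Constructed sample audit records (trimmed Graph directoryAudit shape).
SAMPLE_AUDITS = [
    {"activityDateTime": "2024-05-01T09:00:00Z", "activityDisplayName": "Update user",
     "result": "success",
     "initiatedBy": {"user": {"userPrincipalName": "admin@contoso.example", "ipAddress": "203.0.113.10"}}},
    {"activityDateTime": "2024-05-01T09:02:00Z", "activityDisplayName": "Add member to role",
     "result": "failure",
     "initiatedBy": {"user": {"userPrincipalName": "bob@contoso.example", "ipAddress": "198.51.100.7"}}},
]


def classify_signin(rec):
    """Return the alert names one sign-in record fires (a record can fire more than one)."""
    alerts = []
    code = rec.get("status", {}).get("errorCode", 0)
    if code in BLOCKED_ERROR_CODES:
        alerts.append("Azure Active Directory – Sign in blocked")
    elif code != 0:
        # Any other non-zero status is treated as a credential/sign-in failure.
        alerts.append("Azure Active Directory – Sign in failure")
    if rec.get("riskState") == "atRisk" or rec.get("riskLevelDuringSignIn") in {"low", "medium", "high"}:
        alerts.append("Azure Active Directory – User risk detection")
    return alerts


def classify_audit(rec):
    """Audit operations failure: any directory update whose result is 'failure'."""
    if str(rec.get("result", "")).lower() == "failure":
        return ["Azure Active Directory – Audit operations failure"]
    return []


def run_alerts(signins, audits):
    """Count how many records fire each alert, keyed by alert name."""
    counts = defaultdict(int)
    for rec in signins:
        for name in classify_signin(rec):
            counts[name] += 1
    for rec in audits:
        for name in classify_audit(rec):
            counts[name] += 1
    return dict(counts)


def signin_report(signins, success):
    """Rows for the Sign in Success (success=True) or Sign in Failures (success=False) report."""
    rows = []
    for rec in signins:
        if (rec.get("status", {}).get("errorCode", 0) == 0) != success:
            continue
        rows.append({"Source IP": rec.get("ipAddress"), "Tenant ID": TENANT_ID,
                     "User Mail ID": rec.get("userPrincipalName"),
                     "Authentication Type": rec.get("authenticationRequirement")})
    return rows


def audit_report(audits):
    """Rows for the Audit Operations report with the columns listed on this page."""
    rows = []
    for rec in audits:
        user = rec.get("initiatedBy", {}).get("user") or {}
        rows.append({"Tenant ID": TENANT_ID, "User Mail ID": user.get("userPrincipalName"),
                     "Activity Type": rec.get("activityDisplayName"), "Result": rec.get("result"),
                     "Activity Time": rec.get("activityDateTime"), "Caller IP": user.get("ipAddress")})
    return rows


if __name__ == "__main__":
    for name, n in sorted(run_alerts(SAMPLE_SIGNINS, SAMPLE_AUDITS).items()):
        print(f"{n} x {name}")
    for row in signin_report(SAMPLE_SIGNINS, success=False) + audit_report(SAMPLE_AUDITS):
        print(row)
```

Running the script against the constructed records fires each of the four alerts once (bob's bad-password attempt, bob's locked-account attempt, carol's at-risk sign-in, and the failed role change) and yields two rows each for the Sign in Failures, Sign in Success and Audit Operations reports. In production, the same classification would be fed from the forwarded Azure AD logs rather than from inline samples, and the error-code sets would be tuned to the tenant's Conditional Access and device-trust configuration.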

Documentation

The configuration details are consistent with Netsurion Open XDR 9.3 or later, and Azure Active Directory.

Download the Integration Guide and the How-to Guide for configuration instructions and more information.