Azure Active Directory

Version: Azure Active Directory.

Azure Active Directory (Azure AD), an aspect of Microsoft Entra, is an enterprise identity service that offers single sign-on, multifactor authentication, and conditional access to help protect against cybersecurity threats. Azure AD uses strong authentication and risk-based adaptive access policies to help protect access to resources and data.

Netsurion's Open XDR plaform facilitates monitoring events from the Azure Active Directory. The dashboard, categories, alerts, and reports interface in Netsurion's Open XDR plaform benefits in tracking azure active directory activities and changes to detect any suspicious activities performed on the Azure Active Directory.

Netsurion Data Source Integration for Azure Active Directory allow you to monitor the following components.

  • Security – Alerts and Reports for all security-related events.

Once Azure Active Directory log forwarding is enabled and Azure Active Directory logs are received in Netsurion's Open XDR platform, the alerts and reports can be configured within the platform.

Some of the Data Source Integrations available in Netsurion are listed below.

Alerts

Type Name Description
Security Azure Active Directory - Sign in failure This alert indicates that an attempt was made to sign in without proper credentials.
Security Azure Active Directory - Sign in blocked This alert indicates that an attempt was made to sign in from a malicious IP or is not trusted by the Azure Active Directory devices.
Security Azure Active Directory - User risk detection This alert indicates that the user attempted a risky event in the Azure Active Directory.
Security Azure Active Directory - Audit operations failure This alert provides the details of the failed attempts made to any update operations in the Azure Active Directory.

Reports

Type Name Description
Security Azure Active Directory - Audit Operations This report provides a detailed summary of the audit and performance activities in the Azure Active Directory. It includes Tenant ID, User Mail ID, Activity Type along with their result, Activity Time, and Caller IP.
Security Azure Active Directory - Sign in Failures This report provides a detailed summary of the sign-in failure activities in the Azure Active Directory. It includes Source IP, Tenant ID, User Mail ID, Authentication Type, etc.
Security Azure Active Directory - Sign in Success This report provides a detailed summary of the sign-in success activities in the Azure Active Directory. It includes Source IP, Tenant ID, User Mail ID, Authentication Type, etc.

Documentation

The configuration details are consistent with Netsurion's Open XDR plaform version 9.3 or later, and Azure Active Directory.

Download Integration Guide and How-to Guide for more information and to configuration instructions.

This site uses cookies to store information on your computer. Some are essential to make our site work; others help us improve the user experience. By using the site, you consent to the placement of these cookies. Read our Privacy Statement to learn more.

I Accept