将Azure AD安全报告流式传输到事件中心 [英] Stream Azure AD security report to Event hub

问题描述

专家您好，

使用Azure AD高级版P2或P1可以实现包括风险登录在内的安全性，可以通过某种方式将其流式传输到Azure事件中心中，以便与诸如Qradar之类的SIEM进一步集成.

With Azure AD premium P2 or P1 there are the security which includes risky-sign ins, is there are way this can streamed into Azure event hub for further integration with a SIEM such as Qradar.

谢谢

推荐答案

不仅仅风险登录，也可以将所有登录日志流式传输到事件集线器或Blob存储.

no specific only the risky sign-ins, but you can stream all sign-in logs to event-hub or blob storage.

转到AAD->登录日志->导出数据设置

Go to AAD -> Sign-in Logs -> Export Data Settings

在此处输入事件中心的值.

Enter the values of your event hub there.

您将在通过中心收到的登录消息中拥有一个属性，其中包含风险状态以及其他信息，例如条件访问.

You will have a property on the sign-in messages that will come through the hub that contains the risk state and also other information like conditional access.

我只是和功能结合在一起玩了.

I just did play around a bit in combination with functions.

/Peter 

/Peter 

这篇关于将Azure AD安全报告流式传输到事件中心的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！