Select Page

Azure AD logs

Welcome Forums Integrations Azure AD logs

Viewing 1 post (of 1 total)
  • Author
  • #1667
    Mike RiforgiateMike Riforgiate

    Create the App in Azure

    • Click “New registration”
    • Name it “WitFoo Precinct”
    • Select who can use the application (access the API)
    • Select “Web” and enter the Redirect URL in WitFoo Precinct at Admin->Settings->Azure AD
    • Click “Register”
    • Under Certificates & secrets click “New client secret” (give it a description and expiration)
    • Under Microsoft Graph Permissions Add the following minimum permissions:
      • Application: AuditLog.Read.All
      • Application: SecurityEvents.Read.All
      • Application: Directory.Read.All
    • Save the application

    Configure WitFoo Precinct

    • Go to Admin->SOAR->Azure Active Directory
    • Click the checkbox for Enable Azure AD Log Integration
    • Paste the Application ID, Secret key and Tenant ID
    • Click the disk icon (Save)
    • Click Jobs and use the search “Azure” to find Artifacts from Microsft Azure.  Select Artifacts from Microsft Azure.
    • Select Triggers and expand Interval Trigger. 
    • Inside the configuration, Toggle State to ENABLED.
    • The interval is set to 2 minutes by default, but you can update it to what best suits your organization.
    • Click the disk icon (Save)
    • Within 15 min “Azure” should be listed as a Artifact Source under Report->Tool Effectiveness->Artifact Source Types


Viewing 1 post (of 1 total)
  • You must be logged in to reply to this topic.