All,
I am currently working with Splunk Add-on for Microsoft Office 365 4.5.1 on Linux. All inputs enabled and collecting.
I am trying to see who approved a Privileged Identity Management event. I can't find the relevant events in Splunk but I do find them in Entra ID and Microsoft Purview dashboards?
1. Is there a TA I am missing?
2. If indeed this TA is not correctly scripting this data in, do I open a support case? Or is there another custom way to his that endpoint and snag that data.
thanks,
-Daniel
Hi @daniel333 ,
not all the data source from Azure and Office 365 is free, someone is subject to a fee.
Check if the data source you want is one of them.
In addition, you could ask help to Splunk Support,, don't ask help to Microsoft Support because they always answer: "ask to splunk", because Splunk is considered a competitor by Microsoft.
Ciao.
Giuseppe