...

| Log Type | Ingestion label | Preferred Logging Protocol - Format | Log Collection Method | Data Source |
|---|---|---|---|---|
| Azure AD | AZURE_AD | JSON | C2C | https://cloud.google.com/chronicle/docs/reference/feed-management-api#azure-ad |
| Azure AD Directory Audit | AZURE_AD_AUDIT | | | https://cloud.google.com/chronicle/docs/reference/feed-management-api#azure-ad-audit |
| Azure AD Organizational Context | AZURE_AD_CONTEXT | JSON | C2C | https://cloud.google.com/chronicle/docs/reference/feed-management-api#azure-ad-context |

Device Configuration

For Microsoft Entra ID via Third-Party API (Preferred):

...

To access the Microsoft Entra reporting API, you must grant your app Read directory data and Read all audit log data permissions for the Microsoft Graph API.

  1. Select API Permissions > Add a permission

...

  1. Select Microsoft Graph > Application permissions.

  2. Select the Application permissions option.

  3. Add AuditLog.Read.All, Directory.Read.All, and SecurityEvents.Read.All, then select the Add permissions button.
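
To confirm that the three application permissions from step 3 reached the app before you configure the feed, you can inspect the `roles` claim of an app-only Microsoft Graph access token issued to the registered app. The sketch below is an added example, not part of the original page or of the vendor documentation; the function names and the sample token are constructed for illustration.

```python
import base64
import json

# Application permissions the page tells you to add in step 3.
REQUIRED_ROLES = {"AuditLog.Read.All", "Directory.Read.All", "SecurityEvents.Read.All"}


def jwt_claims(token: str) -> dict:
    """Decode the payload segment of a JWT without verifying the signature.

    Inspection only: never base an access decision on unverified claims.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-segment JWT")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audit_roles(token: str) -> dict:
    """Compare the token's application permissions with the set the feed needs."""
    # App-only tokens list granted application permissions in "roles".
    # A missing or empty claim usually means admin consent was never granted.
    roles = set(jwt_claims(token).get("roles", []))
    return {
        "missing": sorted(REQUIRED_ROLES - roles),  # the feed cannot read this data
        "excess": sorted(roles - REQUIRED_ROLES),   # more than the page asks for
    }


def constructed_token(roles: list) -> str:
    """Build an unsigned sample token (constructed data, not a real credential)."""
    def seg(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    header = {"alg": "none", "typ": "JWT"}
    body = {"aud": "https://graph.microsoft.com", "roles": roles}
    return ".".join([seg(header), seg(body), "sig"])


if __name__ == "__main__":
    sample = constructed_token(
        ["AuditLog.Read.All", "Directory.Read.All", "User.ReadWrite.All"])
    print(audit_roles(sample))
```

Anything reported under `excess` is a permission the collection app holds beyond the three listed in step 3 and is worth reviewing against least privilege.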

...