Entra ID logs can be exported with a powershell script but exporting them requires microsoft graph and Powershell version 7 so part of the LME instructions must include downloading all dependencies to get them.
Identity logs are valuable and in LME 2.0, the rearchitecture will allow us to bring in new logs from Azure Active Directory.
We should look into ways to collect Entra logs and what infrastructure changes would we need to make to LME to do it.
rgbrow1949
commented
3 weeks ago
Part 1 of 2 for #246 (Part 2: #308)
Entra ID logs can be exported with a powershell script but exporting them requires microsoft graph and Powershell version 7 so part of the LME instructions must include downloading all dependencies to get them.
Identity logs are valuable and in LME 2.0, the rearchitecture will allow us to bring in new logs from Azure Active Directory.
We should look into ways to collect Entra logs and what infrastructure changes would we need to make to LME to do it.
Available tools:
Ethan Bowen's Export-AAD tool: https://github.com/25004/Export-AAD.git Untitled Good Tool: https://github.com/cisagov/untitledgoosetool