counteractive / o365beat

Elastic Beat for fetching and shipping Office 365 audit events

future request Azure Beats #34

Closed creatoni4 closed 4 years ago

creatoni4 commented 4 years ago

Hello, excellent beat 👍 appreciate your work.

Unfortunately I couldn't find the events I'm looking for with o365beat because they are in a different API.

I'm not a developer, so maybe you can take a look at these 3 APIs: https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-identity-protection-graph-api and make an AzureRiskBeat cloned from your o365beat or something of the sort? Getting the data looks similar to what you're doing... just a different API (again, I'm not a developer, so this is only an opinion).

Also, I've seen a Logstash plugin related to Azure Event Hub. It also looks similar to what you are doing with o365beat. I personally prefer a beat as the source of data, which then sends the data to Logstash. Maybe that might be another AzureEventHubBeat?

chris-counteractive commented 4 years ago

Thank you @creatoni4, we've definitely considered this and I'll add it to the roadmap - I think you're right, the main question is whether it's in o365beat or a separate beat. I'll keep this issue open and update it when we've made any progress. I appreciate the feedback!

creatoni4 commented 4 years ago

Glad to hear that! From a security perspective, I believe these should be different beats: different Azure apps with different secrets for each API engine (o365 management API, Microsoft Graph API).

ion-storm commented 4 years ago

Would love to see this compatible with the beta api: https://developer.microsoft.com/en-us/graph/blogs/changes-to-risk-event-properties-and-identity-protection-apis-on-microsoft-graph/

chris-counteractive commented 4 years ago

In addition to o365 support through an official o365 module, filebeat has an azure module as well. Not sure of its full capabilities, but I'm confident they have the resources and incentives to stay on top of any feature requests. Thanks for the issue, and for your engagement with the project!