I noticed in 2 customers of mine that the Azure Identity Protection logs (risk detection|user) stopped being pulled and never recovered since August 10th.
Has anyone spotted or been aware of any changes from Microsoft that could have affected this TA from pulling the logs?
No changes were performed by the customer on the Azure management side and all other Azure inputs configured working as expected. I wasn't able to retrieve any specifics from Splunk internal logs to assist.
Is anything planned for the next release to cover this possible issue?
Hi Team,
I noticed in 2 customers of mine that the Azure Identity Protection logs (risk detection|user) stopped being pulled and never recovered since August 10th.
Has anyone spotted or been aware of any changes from Microsoft that could have affected this TA from pulling the logs?
No changes were performed by the customer on the Azure management side and all other Azure inputs configured working as expected. I wasn't able to retrieve any specifics from Splunk internal logs to assist.
Is anything planned for the next release to cover this possible issue?
Thank you.