Azure Active Directory - Evidence Collection by IP
- Updated on 02 Apr 2025
Description
Azure Active Directory (AAD) is a cloud-based identity and access management service that enables organizations to securely manage user identities and access to applications and resources. With AAD, organizations can collect evidence of user activity by IP address. The collection process is automated and can be used to monitor and investigate user activity, detect suspicious activity and unauthorized access, and identify malicious actors. AAD also provides a secure platform for storing and analyzing the evidence collected by IP address, so organizations can quickly identify potential threats, respond to them, and take corrective actions while monitoring user activity in a secure and compliant manner.
Trigger Request
HTTP POST Request
Headers:
| Key | Value |
|---|---|
| Content-Type | application/json |

JSON body parameters:
| Parameters | Type | Description |
|---|---|---|
| access_token | string | A token for interacting with Microsoft Graph API. |
| alertId | string | The triggering CDC alert ID. |
| ip | string | An IP address to collect the evidence for. |
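The following is an added example, not code from this page or from the product: it builds the trigger request described by the tables above, validating the `ip` value and masking `access_token` before anything is written to a log. The function names and sample values are hypothetical, and because the endpoint URL is not given on this page the example stops at producing the headers and body.

```python
import ipaddress
import json

# Body parameters listed in the table above.
REQUIRED = ("access_token", "alertId", "ip")


def build_trigger_request(access_token: str, alert_id: str, ip: str):
    """Return (headers, body_bytes) for the trigger POST after validating inputs."""
    fields = {"access_token": access_token, "alertId": alert_id, "ip": ip}
    for name in REQUIRED:
        value = fields[name]
        if not isinstance(value, str) or not value.strip():
            raise ValueError(f"{name} must be a non-empty string")
    # ip_address() raises ValueError for hostnames, CIDR ranges and host:port
    # strings, and str() gives one canonical spelling (e.g. lower-case IPv6),
    # so the evidence search is keyed on a single, well-formed address.
    fields["ip"] = str(ipaddress.ip_address(ip.strip()))
    headers = {"Content-Type": "application/json"}
    return headers, json.dumps(fields).encode("utf-8")


def redact_for_log(body: bytes) -> str:
    """Render the request body for audit logs with the Graph token masked."""
    data = json.loads(body)
    data["access_token"] = "<redacted>"
    return json.dumps(data, sort_keys=True)


if __name__ == "__main__":
    # Constructed sample values: placeholder token, made-up alert ID,
    # and an address from the 203.0.113.0/24 documentation range.
    hdrs, payload = build_trigger_request(
        "constructed-token", "ALERT-0001", "203.0.113.10"
    )
    print(hdrs)
    print(redact_for_log(payload))
```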
Supported CDC Versions
- 2.8