Azure Active Directory - Evidence Collection by IP
  • 02 Apr 2025

Description

Azure Active Directory (AAD) is a cloud-based identity and access management service that enables organizations to securely manage user identities and access to applications and resources. With AAD, organizations can collect evidence of user activity by IP address. This evidence collection process is automated and can be used to investigate user activity, detect unauthorized access and other suspicious activity, and identify malicious actors. AAD also provides a secure platform for storing and analyzing the evidence collected by IP address, allowing organizations to quickly identify and respond to potential threats, take corrective actions, and ensure that user activity is monitored in a secure and compliant manner.

Trigger Request

  • HTTP Post Request

  • Headers:

| Key | Value |
|---|---|
| Content-Type | application/json |

  • JSON body parameters:

| Parameter | Type | Description |
|---|---|---|
| access_token | string | A token for interacting with Microsoft Graph API. |
| alertId | string | The triggering CDC alert ID. |
| ip | string | An IP address to collect the evidence for. |
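The following is an added example, not code from the original page or from the product: it builds the trigger request described above, validates the three documented body parameters before anything is sent, and produces a log-safe copy of the body with the Graph token redacted. The trigger URL, the function names and the sample values are assumptions, since the page does not give them.

```python
import ipaddress
import json
import urllib.request

# Placeholder: the page does not give the playbook's trigger URL.
TRIGGER_URL = "https://cdc.example.invalid/playbook-trigger"


def build_trigger_request(access_token, alert_id, ip, url=TRIGGER_URL):
    """Validate the three documented body parameters and return a POST request."""
    if not isinstance(access_token, str) or not access_token.strip():
        raise ValueError("access_token must be a non-empty string")
    if not isinstance(alert_id, str) or not alert_id.strip():
        raise ValueError("alertId must be a non-empty string")
    # Parse and re-serialise the address so the body carries one canonical
    # form and malformed input is rejected before the playbook is triggered.
    try:
        addr = ipaddress.ip_address(ip.strip())
    except (ValueError, AttributeError) as exc:
        raise ValueError(f"ip is not a valid IPv4/IPv6 address: {ip!r}") from exc
    body = {"access_token": access_token, "alertId": alert_id, "ip": str(addr)}
    return urllib.request.Request(
        url,
        data=json.dumps(body).encode("utf-8"),
        headers={"Content-Type": "application/json"},
        method="POST",
    )


def redacted_body(request):
    """Return the request body as a dict that is safe to write to logs."""
    body = json.loads(request.data.decode("utf-8"))
    body["access_token"] = "<redacted>"
    return body


if __name__ == "__main__":
    # Constructed sample values; 203.0.113.0/24 is a documentation range.
    req = build_trigger_request("constructed-token", "ALERT-0001", " 203.0.113.7 ")
    print(req.get_method(), req.full_url)
    print(redacted_body(req))
    # urllib.request.urlopen(req) would send it once TRIGGER_URL is real.
```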

Supported CDC Versions

  • 2.8