Azure Active Directory - Investigation IP
- Updated on 02 Apr 2025
Description
Azure Active Directory (AAD) Investigation IP is an automation for quickly investigating the IP addresses associated with an Azure Active Directory environment and then acting on them. It uses the AAD Graph API to query the environment and retrieve the list of associated IP addresses. Once the list is retrieved, the automation can be used to take action on those addresses, such as blocking them or applying other security measures. It is intended for organizations that need to investigate IP addresses associated with their AAD environment quickly and efficiently in order to protect it from malicious activity.
Trigger Request
HTTP POST request
Headers:
| Key | Value |
|---|---|
| Content-Type | application/json |

JSON body parameters:
| Parameters | Type | Description |
|---|---|---|
| accessToken | string | A token for interacting with the Microsoft Graph API. |
| alertId | string | The triggering CDC alert ID. |
| threadId | string | The CDC message thread ID to send the output to. |
| userActivity | array | An array of the user's recent sign-in activity. Retrieved from the evidence collection flow. |
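
The following is an added example, not code from the original page or from the product: it checks a trigger body against the parameter table above and derives the distinct public source IPs from `userActivity`. It assumes each `userActivity` entry carries `ipAddress` and `createdDateTime` fields, as in the Microsoft Graph signIn resource; the page does not define the entry shape, and all sample values are constructed placeholders.

```python
import ipaddress
from collections import defaultdict

# Required body parameters and their types, taken from the parameter table above.
REQUIRED = {"accessToken": str, "alertId": str, "threadId": str, "userActivity": list}

def validate_body(body: dict) -> list:
    """Return a list of problems; an empty list means the body matches the table."""
    problems = []
    for name, expected in REQUIRED.items():
        if name not in body:
            problems.append(f"missing {name}")
        elif not isinstance(body[name], expected):
            problems.append(f"{name} must be {expected.__name__}")
        elif expected is str and not body[name].strip():
            problems.append(f"{name} is empty")
    return problems

def ips_to_investigate(user_activity: list) -> dict:
    """Group sign-in timestamps by source IP, keeping only publicly routable IPs.

    Assumption: entries look like Graph signIn records ('ipAddress',
    'createdDateTime'); the page itself does not specify the fields.
    """
    seen = defaultdict(list)
    for entry in user_activity:
        raw = entry.get("ipAddress") if isinstance(entry, dict) else None
        try:
            ip = ipaddress.ip_address(raw)
        except ValueError:
            continue  # absent or malformed address: nothing to investigate
        if ip.is_global:  # skips RFC 1918, loopback, link-local, etc.
            seen[str(ip)].append(entry.get("createdDateTime"))
    return dict(seen)

# Constructed sample body; every value is a placeholder, and 8.8.8.8 is a
# well-known public resolver used only as a stand-in for an external address.
SAMPLE = {
    "accessToken": "PLACEHOLDER_TOKEN",
    "alertId": "ALERT-PLACEHOLDER",
    "threadId": "THREAD-PLACEHOLDER",
    "userActivity": [
        {"ipAddress": "8.8.8.8", "createdDateTime": "2025-04-01T09:15:00Z"},
        {"ipAddress": "8.8.8.8", "createdDateTime": "2025-04-01T09:20:00Z"},
        {"ipAddress": "10.0.0.5", "createdDateTime": "2025-04-01T09:30:00Z"},
        {"ipAddress": "not-an-ip", "createdDateTime": "2025-04-01T09:40:00Z"},
    ],
}
```

Because the body carries a Graph API access token, treat the whole request as a secret: send it only over TLS and keep `accessToken` out of request logs.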
Supported CDC Versions
- 2.8