AnsweredAssumed Answered

Does RSA support collecting from this MS API

Question asked by Renee Russell on Apr 3, 2019

The API we are being asked to get data from is:



I see documented that these are supported:


  • Audit_AzureActiveDirectory
  • Audit Exchange
  • Audit. SharePoint
  • Audit_General (includes all other workloads not included in the previous content types)
  • DLP All (DLP events only for all workloads)


  • azureaudit: collects management logs
  • azure_ad_signin: collects Active Directory sign-in logs
  • azure_ad_audit: collects Active Directory audit logs


I do not seem to have visibility into what these are collecting so have no idea what they talk to and am being asked to provide a feasibility of collecting from that API. I have spent days trying to tease out this answer and cannot, would anyone be able to say if and where this api can be called?