Web: https://www.reddit.com/r/AZURE/comments/s1ble3/azure_sentinel_getting_account_from_aad_group/

Jan. 11, 2022, 12:16 p.m. | /u/rexthriller

Microsoft Azure reddit.com

Hello everyone, I'm in the process of setting up an automatic watchlist update for Sentinel, where whenever an AAD user is added to a specific AAD group, the given user's data will be put into a Sentinel watchlist (like in picture 1).

The way I have set it up at the moment is that the alert rule triggers whenever a user is added to the given AAD group, and it pulls the log file.

https://preview.redd.it/by2ggooav1b81.png?width=1013&format=png&auto=webp&s=a1ae3a1a0efe575c2b1e8f68e2c9c3a1d71963fc

That's all well and good, but the log file that is pulled mainly includes …
