Web: https://www.reddit.com/r/AZURE/comments/s1ble3/azure_sentinel_getting_account_from_aad_group/

Jan. 11, 2022, 12:16 p.m. | /u/rexthriller

Microsoft Azure reddit.com

Hello everyone, Im in the process of setting up a automatic watchlist update for sentinel. Where whenever a AAD User is added to a specific AAD group, the given users data will be put into a sentinel watchlist. (Like in picture 1)


The way I have set it up at the moment is that the alert rule triggers on whenever a user is added to the given AAD group it pulls the log file.


That's all well and good but the log file that is pulled, mainly inlcludes …


Azure Cloud Engineer (Remote - Canada)

@ Rackspace | Canada - Toronto

Platform Engineer

@ Cyted | Cambridge, United Kingdom

Linux-/DevOps Engineer

@ Solvinity | Assen, Netherlands

Azure Cloud Architect (Remote - Canada)

@ Rackspace | Canada - Remote

Azure Senior Cloud Engineer (Remote)

@ Rackspace | United States - Remote

AWS Cloud Architect (Remote)

@ Rackspace | United States - San Antonio