IBM QRadar

IBM QRadar

Join this online user group to communicate across Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only
Back to discussions
Expand all | Collapse all

Microsoft Azure Active Directory Log Source vs Microsoft Office 365 Azure AD Logs?

  • 1.  Microsoft Azure Active Directory Log Source vs Microsoft Office 365 Azure AD Logs?

    Posted Thu June 15, 2023 09:06 AM

    Hello,

    I have recently added the following two log sources to a deployment:

    1. Microsoft Azure Active Directory using Azure Event Hubs
    2. Microsoft Office 365 using Rest API

    I saw that in the configuration for the Office365 Logs, one can choose "Azure Active Directory" as an event filter. 

    I was wondering, what the difference in Azure AD logs is coming from the Microsoft Azure AD Log Source compared to the Office 365 Log Source. Do the Office365 Azure AD Logs contain all the same logs as the Microsoft Azure AD Log Source? Do some of the logs contain more of the information compared to the other log source? Or would it be possible to simply disable the Microsoft Azure AD Log Source if the same logs are supplied by the Office 365 Log Source.

    Thanks for any help.



    ------------------------------
    Adem Ruznic
    ------------------------------