Would it be possible to configure the TA to ship the userAgent field? Because when I compare with another TA [Splunk Add-on for Microsoft Office 365](hxxps://splunkbase.splunk.com/app/4055), the userAgent field is present. It could be this is a technological limitation and it has nothing to do with the TA but I just want to confirm here.
When I compare the same raw log of the two TAs, this is how they differ.
Splunk Add on for Microsoft Azure
"additionalDetails": null} "appDisplayName": "Microsoft Azure PowerShell" "appId": "1950a258-227b-4e31-a9cf-717495945fc2" "appliedConditionalAccessPolicies": []} "browser": "" "clientAppUsed": "Mobile Apps and Desktop clients" "conditionalAccessStatus": "notApplied" "correlationId": "94fb6cfc-503d-430e-9f55-7da0c4749622" "countryOrRegion": "CH" "createdDateTime": "2024-01-22T09:49:28Z" "deviceDetail": {"deviceId": "" "displayName": "" "failureReason": "Other." "geoCoordinates": {"altitude": null "ipAddress": "20.203.193.162" "isCompliant": false "isInteractive": true "isManaged": false "latitude": 47.37417 "location": {"city": "Zuerich" "longitude": 8.53695}} "operatingSystem": "Windows" "resourceDisplayName": "Windows Azure Service Management API" "resourceId": "797f4846-ba00-4fd7-ba43-dac1f8f63013" "riskDetail": "none" "riskEventTypes": [] "riskEventTypes_v2": [] "riskLevelAggregated": "none" "riskLevelDuringSignIn": "none" "riskState": "none" "state": "Zuerich" "status": {"errorCode": 0 "trustType": ""} "userDisplayName": "test_user" "userId": "0592b152-07cd-4ebe-a78c-ae48b9fee455" "userPrincipalName": "[email protected]" {"id": "3199c44f-04f0-4db9-88e8-9333f5a25d00"
Splunk Add-on for Microsoft Office 365
"Actor": [{"ID": "0592b152-07cd-4ebe-a78c-ae48b9fee455" "ActorContextId": "2536c2cd-2c37-4f47-a66f-28d8362a8bf6" "ActorIpAddress": "20.203.193.162" "ApplicationId": "00000002-0000-0ff1-ce00-000000000000" "AzureActiveDirectoryEventType": 1 "ClientIP": "20.203.193.162" "DeviceProperties": [{"Name": "OS" "ErrorNumber": "399218"} "ExtendedProperties": [{"Name": "ResultStatusDetail" "Id": "3199c44f-04f0-4db9-88e8-933321a35d00" "InterSystemsId": "054cbda5-2cc1-bdfe-a80c-f8c9ed8a0f16" "IntraSystemId": "3199c44f-04f0-4db9-88e8-933321a35d00" "ModifiedProperties": [] "ObjectId": "00000002-0000-0ff1-ce00-000000000000" "Operation": "UserLoginFailed" "OrganizationId": "2536c2cd-2c37-4f47-a66f-28d8362a8bf6" "RecordType": 15 "ResultStatus": "Success" "SupportTicketId": "" "Target": [{"ID": "00000002-0000-0ff1-ce00-000000000000" "TargetContextId": "2536c2cd-2c37-4f47-a66f-28d8362a8bf6" "Type": 0} "Type": 0}] "Type": 5}] "UserId": "[email protected]" "UserKey": "0592b152-07cd-4ebe-a78c-ae48b9fee455" "UserType": 0 "Value": "1"} "Value": "Edge"}] "Value": "Login:login"}] "Value": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML "Value": "Success"} "Value": "Windows10"} "Version": 1 "Workload": "AzureActiveDirectory" like Gecko) Chrome/107.0.0.0 Safari/537.36 Edg/107.0.1418.56"} {"ID": "[email protected]" {"Name": "BrowserType" {"Name": "RequestType" {"Name": "UserAgent" {"Name": "UserAuthenticationMethod" {"CreationTime": "2024-01-22T09:49:29"