From f350945e083cbe3a5854385abae5ec04d3679913 Mon Sep 17 00:00:00 2001 From: rahulkaukuntla <144174402+rahulkaukuntla@users.noreply.github.com> Date: Mon, 6 Nov 2023 10:42:14 -0500 Subject: [PATCH 1/3] Update README.md Added a blurb under the Events section of the Azure Active Directory integration readme. This blurb discusses credential expiry events. --- azure_active_directory/README.md | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/azure_active_directory/README.md b/azure_active_directory/README.md index fb178770bc2d2..0e96d81f18e8d 100644 --- a/azure_active_directory/README.md +++ b/azure_active_directory/README.md @@ -56,6 +56,21 @@ This includes the following: Azure Active Directory does not include any metrics. +### Events + +Datadog sends *credential expiry events*, which grant visibility into credential expirations for Azure app registrations, Key Vault keys, Key Vault secrets, and Key Vault certificates. The *Azure Active Directory* integration must be installed to receive events for Azure App Registrations. + + +- **Expiration events** are sent 60, 30, 15, and 1 day(s) before credential expiration, and once after expiration. +- **Missing permission events** are sent every 15 days. A missing permission event lists the Key Vaults for which Datadog has not been given permissions. If no changes have been made regarding Key Vault permissions in the pervious 15-day cycle, the event notification is not sent again. + +You can view these events in [Event Explorer][5]. + +**Notes**: + +- To collect Azure app registration expiration events, [enable access to the Microsoft Graph API][6]. +- If a certificate and its associated key and secret expire at the exact same time, one expiration event is sent for all resources. + ## Troubleshooting Need help? Contact [Datadog support][4]. @@ -64,3 +79,5 @@ Need help? Contact [Datadog support][4]. [2]: https://docs.datadoghq.com/logs/guide/azure-logging-guide/ [3]: https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/tutorial-azure-monitor-stream-logs-to-event-hub [4]: https://docs.datadoghq.com/help +[5]: https://app.datadoghq.com/event/explorer +[6]: https://docs.datadoghq.com/integrations/guide/azure-graph-api-permissions/ From 95d78acb372842e4ea91646ba85f0ee976ec7f39 Mon Sep 17 00:00:00 2001 From: rahulkaukuntla <144174402+rahulkaukuntla@users.noreply.github.com> Date: Mon, 6 Nov 2023 13:21:00 -0500 Subject: [PATCH 2/3] Update README.md pervious to previous --- azure_active_directory/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/azure_active_directory/README.md b/azure_active_directory/README.md index 0e96d81f18e8d..58274e828715d 100644 --- a/azure_active_directory/README.md +++ b/azure_active_directory/README.md @@ -62,7 +62,7 @@ Datadog sends *credential expiry events*, which grant visibility into credential - **Expiration events** are sent 60, 30, 15, and 1 day(s) before credential expiration, and once after expiration. -- **Missing permission events** are sent every 15 days. A missing permission event lists the Key Vaults for which Datadog has not been given permissions. If no changes have been made regarding Key Vault permissions in the pervious 15-day cycle, the event notification is not sent again. +- **Missing permission events** are sent every 15 days. A missing permission event lists the Key Vaults for which Datadog has not been given permissions. If no changes have been made regarding Key Vault permissions in the previous 15-day cycle, the event notification is not sent again. You can view these events in [Event Explorer][5]. From bff2d1daf84da20601880927e8e57daf3031aa6b Mon Sep 17 00:00:00 2001 From: rahulkaukuntla <144174402+rahulkaukuntla@users.noreply.github.com> Date: Mon, 6 Nov 2023 13:22:33 -0500 Subject: [PATCH 3/3] Update azure_active_directory/README.md highlight important information Co-authored-by: May Lee --- azure_active_directory/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/azure_active_directory/README.md b/azure_active_directory/README.md index 58274e828715d..91f2452e462be 100644 --- a/azure_active_directory/README.md +++ b/azure_active_directory/README.md @@ -58,7 +58,7 @@ Azure Active Directory does not include any metrics. ### Events -Datadog sends *credential expiry events*, which grant visibility into credential expirations for Azure app registrations, Key Vault keys, Key Vault secrets, and Key Vault certificates. The *Azure Active Directory* integration must be installed to receive events for Azure App Registrations. +Datadog sends credential expiry events, which grant visibility into credential expirations for Azure app registrations, Key Vault keys, Key Vault secrets, and Key Vault certificates. The Azure Active Directory integration must be installed to receive events for Azure App Registrations. - **Expiration events** are sent 60, 30, 15, and 1 day(s) before credential expiration, and once after expiration.