THREATOPS
THREAT OPSThreat News › Azure AD Graph Activity Logs: Ingestion and threat detection to close the visibility gap

Azure AD Graph Activity Logs: Ingestion and threat detection to close the visibility gap

medelastic_securityPublished 2026-06-19

<p>AAD Graph Activity Logs are now ingestible into Elastic and usable for threat detection within the <a href="https://www.elastic.co/security/xdr">SIEM/XDR solution</a>. That sentence shouldn't be exciting, but it is. For most of the past decade, this slice of telemetry simply didn't exist as a customer-accessible log stream. Microsoft Graph Activity Logs (the modern <em>graph.microsoft.com</em>

MITRE ATT&CK techniques

Indicators of compromise

Original source: https://www.elastic.co/security-labs/aad-graph-activity-logs-threat-detection