Overview
This node operation allows users to retrieve Azure Active Directory (Azure AD) logs. It is useful for scenarios where monitoring, auditing, or analyzing user activities and system events within an Azure AD environment is required. For example, security teams can use this node to fetch logs related to user sign-ins, changes in directory roles, or other administrative actions to ensure compliance and detect suspicious activities.
Properties
| Name | Meaning |
|---|---|
| X USER ID | The User Id header value to identify the user making the request. |
| Condition | A query condition string to filter the logs based on specific criteria. |
| Skip | Number of records to skip in the result set, useful for pagination. |
| Limit | Maximum number of log records to return. |
| Order By | Field name(s) to order the results by, e.g., timestamp or event type. |
Output
The output consists of JSON data representing the retrieved Azure AD logs. Each item in the output corresponds to a log entry matching the specified query parameters. The structure typically includes details such as event timestamps, user information, event types, and other relevant metadata from Azure AD logs.
No binary data output is indicated for this operation.
Dependencies
- Requires an API key credential for authenticating with the Azure Active Directory service.
- The node depends on the Azure AD API endpoint that provides access to audit and sign-in logs.
- Proper configuration of authentication credentials in n8n is necessary to successfully call the API.
Troubleshooting
- Missing or invalid X USER ID header: Ensure the "X USER ID" property is provided and correctly set; it is required for the request.
- API authentication errors: Verify that the API key or authentication token is valid and has sufficient permissions to read Azure AD logs.
- Query syntax issues: If using the "Condition" property to filter logs, ensure the query string follows the expected syntax supported by the Azure AD logs API.
- Pagination problems: When using "Skip" and "Limit", confirm values are non-negative integers and within allowed ranges to avoid empty or incomplete results.
- Order By field errors: Use valid field names recognized by the Azure AD logs API to prevent ordering failures.
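The "Skip", "Limit" and "Order By" properties are normally used together to page through a large result set. The following is an added example, not code from the node or its vendor: it validates the paging values and walks the pages until a short page signals the end. `fetchPage` is a hypothetical stand-in for one execution of the node, and the `id`, `timestamp` and `eventType` fields are assumed names for illustration.

```javascript
// fetchPage({ skip, limit, orderBy }) is a hypothetical callback standing in
// for one execution of the node; it must return an array of log entries.
function validatePaging(skip, limit) {
  for (const [name, value] of [['Skip', skip], ['Limit', limit]]) {
    if (!Number.isInteger(value) || value < 0) {
      throw new RangeError(`${name} must be a non-negative integer, got ${value}`);
    }
  }
  if (limit === 0) throw new RangeError('Limit must be at least 1 to page');
}

function fetchAllLogs(fetchPage, { limit = 100, orderBy = 'timestamp', maxPages = 1000 } = {}) {
  validatePaging(0, limit);
  const seen = new Set();
  const logs = [];
  for (let pageNo = 0; pageNo < maxPages; pageNo++) {
    // A fixed Order By keeps page boundaries consistent between calls.
    const page = fetchPage({ skip: pageNo * limit, limit, orderBy });
    for (const entry of page) {
      if (seen.has(entry.id)) continue; // overlap when events arrive mid-run
      seen.add(entry.id);
      logs.push(entry);
    }
    if (page.length < limit) break; // short page: end of the result set
  }
  return logs;
}

// Constructed sample data (assumed field names, not the real log schema).
const SAMPLE = Array.from({ length: 7 }, (_, i) => ({
  id: `evt-${i}`,
  timestamp: `2024-01-01T00:0${i}:00Z`,
  eventType: i % 2 ? 'SignIn' : 'RoleChange',
}));

// In-memory stand-in for the node: sorts by the requested field, then slices.
const sampleFetchPage = ({ skip, limit, orderBy }) =>
  [...SAMPLE]
    .sort((a, b) => String(a[orderBy]).localeCompare(String(b[orderBy])))
    .slice(skip, skip + limit);

console.log(fetchAllLogs(sampleFetchPage, { limit: 3 }).length);
```
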