Enable inactive human identity logs on Azure in Cortex Cloud Identity Security

Cortex XSIAM 3.x Documentation

Product: Cortex XSIAM
Creation date: 2025-07-15
Last date published: 2026-06-16
Category: Administrator Guide
Abstract: Configuration information for enabling inactive human identity logs on Azure.

Notice

This feature is included with a Cortex XSIAM Premium license. It is also included with any other Cortex XSIAM license that has the Cloud Posture Security or Cloud Runtime Security add-on.

To enable inactive human identity logs on the Microsoft Azure platform in Cortex Cloud Identity Security, you must first configure diagnostic settings for the SignInLog log types. These log types provide information regarding how long human identities have been signed in.

To configure the SignInLog log types, do the following:

  1. Open the Azure console.

  2. Navigate to the Diagnostic settings screen.

  3. In the Logs area, under Categories, select the following categories that are related to sign-in logs:

    • SigninLogs

    • NonInteractiveUserSigninLogs

    • ServicePrincipalSigninLogs

    • ManagedIdentitySigninLogs

    • ADFSSigninLogs

  4. Click Save.

Note

For more information, see Ingest logs from Microsoft Azure Event Hub.
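
One way to confirm the result of the steps above, as an added example (not code from Cortex XSIAM or Microsoft): a Python check that an exported diagnostic setting has all five categories from step 3 enabled. The JSON shape (`value[]`, `properties.logs[]` with `category` and `enabled`, `properties.eventHubAuthorizationRuleId`) and the Event Hub destination are assumptions, and the sample data is constructed.

```python
import json

# Categories listed in step 3 of this page. Compared case-insensitively because
# an export may capitalize them differently (for example "SignInLogs").
REQUIRED = [
    "SigninLogs",
    "NonInteractiveUserSigninLogs",
    "ServicePrincipalSigninLogs",
    "ManagedIdentitySigninLogs",
    "ADFSSigninLogs",
]


def audit_setting(setting):
    """Return (missing_categories, has_event_hub) for one diagnostic setting."""
    props = setting.get("properties", {})
    enabled = {
        entry.get("category", "").lower()
        for entry in props.get("logs", [])
        if entry.get("enabled") is True  # present but disabled counts as missing
    }
    missing = [c for c in REQUIRED if c.lower() not in enabled]
    # Assumption: logs are streamed to an Event Hub for ingestion.
    has_event_hub = bool(props.get("eventHubAuthorizationRuleId"))
    return missing, has_event_hub


def audit_export(text):
    """Audit every setting in an export; returns {name: (missing, has_hub)}."""
    doc = json.loads(text)
    settings = doc.get("value", [doc]) if isinstance(doc, dict) else doc
    return {s.get("name", "<unnamed>"): audit_setting(s) for s in settings}


# Constructed sample export: one category disabled, one absent.
SAMPLE = json.dumps({"value": [{
    "name": "example-setting",
    "properties": {
        "eventHubAuthorizationRuleId": "<authorization-rule-resource-id>",
        "logs": [
            {"category": "SignInLogs", "enabled": True},
            {"category": "NonInteractiveUserSignInLogs", "enabled": True},
            {"category": "ServicePrincipalSignInLogs", "enabled": False},
            {"category": "ManagedIdentitySignInLogs", "enabled": True},
        ],
    },
}]})

if __name__ == "__main__":
    for name, (missing, has_hub) in audit_export(SAMPLE).items():
        status = "OK" if not missing and has_hub else "INCOMPLETE"
        print(f"{name}: {status}; missing={missing}; event_hub={has_hub}")
```

A category that is present but disabled is reported as missing, which is the gap most likely to go unnoticed after a later edit to the diagnostic setting.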