
  1. 24 votes
    5 comments  ·  Azure Security Center
    Anonymous commented

    All the comments on this are 3 years old, and this can be done. Look in Azure Security C\Security solutions:

    Arcsight is a supported SIEM.
    Here's the list:
    IBM QRadar - The Microsoft Azure DSM and Microsoft Azure Event Hub Protocol are available for download from the IBM support website. You can learn more about the integration with Azure here.
    Splunk - Depending on your Splunk setup, there are two approaches:
    The Azure Monitor Add-On for Splunk is available in Splunkbase and an open source project. Documentation is here.
    If you cannot install an add-on in your Splunk instance (e.g. if using a proxy or running on Splunk Cloud), you can forward these events to the Splunk HTTP Event Collector using this Function, which is triggered by new messages in the event hub.
    SumoLogic - Instructions for setting up SumoLogic to consume data from an event hub are available here.
    ArcSight - The ArcSight Azure Event Hub smart connector is available as part of the ArcSight smart connector collection here.
    Syslog server - If you want to stream Azure Monitor data directly to a syslog server, you can check out this GitHub repo.
