Can you clarify if I understood correctly: you would like to pull in and index events from other tools/collectors that are already collecting them? Could you please elaborate on the scenario and what you would like to achieve?

Anonymous commented
all the comments on this are 3 years old, and this can be done. Look in Azure Security Center (https://portal.azure.com/?cdnIndex=2&l=en.en-us#blade/Microsoft_Azure_Security/SecurityMenuBlade/6) \ Security solutions:
Arcsight is a supported SIEM.
Here's the list:
IBM QRadar - The Microsoft Azure DSM and Microsoft Azure Event Hub Protocol are available for download from the IBM support website. You can learn more about the integration with Azure here.
Splunk - Depending on your Splunk setup, there are two approaches:
The Azure Monitor Add-On for Splunk is available in Splunkbase and an open source project. Documentation is here.
If you cannot install an add-on in your Splunk instance (e.g. if using a proxy or running on Splunk Cloud), you can forward these events to the Splunk HTTP Event Collector using this Function, which is triggered by new messages in the event hub.
SumoLogic - Instructions for setting up SumoLogic to consume data from an event hub are available here.
ArcSight - The ArcSight Azure Event Hub smart connector is available as part of the ArcSight smart connector collection here.
Syslog server - If you want to stream Azure Monitor data directly to a syslog server, you can check out this GitHub repo.
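As an added example (not code from this thread or from the linked Function project), this is the record-splitting step that the Splunk HEC forwarding path in the Splunk item above depends on: Azure Monitor delivers each Event Hub message as one JSON object with a "records" array, and HEC indexes one event per record with its own timestamp. The Event Hub trigger binding is left out; the function names, sample records, token and sourcetype are constructed assumptions.

```python
import json
import re
from datetime import datetime, timezone

# Constructed sample Event Hub message body in the envelope Azure Monitor uses
# when streaming to an event hub: a single JSON object with a "records" array.
SAMPLE_BODY = json.dumps({"records": [
    {"time": "2021-03-04T10:15:30.1234567Z", "category": "Administrative",
     "operationName": "MICROSOFT.AUTHORIZATION/ROLEASSIGNMENTS/WRITE",
     "resultType": "Success", "resourceId": "/SUBSCRIPTIONS/00000000-0000-0000-0000-000000000000/RESOURCEGROUPS/RG1"},
    {"time": "2021-03-04T10:16:02Z", "category": "Security",
     "operationName": "MICROSOFT.SECURITY/LOCATIONS/ALERTS/ACTIVATE/ACTION",
     "resultType": "Failed", "resourceId": "/SUBSCRIPTIONS/00000000-0000-0000-0000-000000000000"},
]})

def iso_to_epoch(ts):
    """Azure timestamps carry up to 7 fractional digits and a trailing Z;
    strptime accepts at most 6, so the fraction is trimmed before parsing."""
    m = re.fullmatch(r"(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})(?:\.(\d+))?Z", ts)
    if not m:
        raise ValueError(f"unexpected Azure timestamp: {ts!r}")
    base, frac = m.groups()
    dt = datetime.strptime(base, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)
    return dt.timestamp() + int((frac or "0")[:6].ljust(6, "0")) / 1_000_000

def to_hec_events(body, sourcetype="azure:monitor"):
    """Split one Event Hub message into HEC event objects, one per record, so
    Splunk indexes each record at its original time rather than the time the
    Function ran. The sourcetype is an assumed name, not a Splunk default."""
    parsed = json.loads(body)
    records = parsed.get("records") if isinstance(parsed, dict) else None
    if not isinstance(records, list):  # tolerate an unwrapped single record
        records = [parsed]
    return [{
        "time": iso_to_epoch(r["time"]),
        "source": r.get("resourceId", "azure"),
        "sourcetype": sourcetype,
        "event": r,
    } for r in records]

def build_hec_request(events, token):
    """Headers and body for POST /services/collector/event. HEC accepts several
    JSON objects concatenated in one body, so a whole batch is one request."""
    headers = {"Authorization": f"Splunk {token}", "Content-Type": "application/json"}
    return headers, "".join(json.dumps(e) for e in events)

if __name__ == "__main__":
    hdrs, payload = build_hec_request(to_hec_events(SAMPLE_BODY), "HEC-TOKEN-PLACEHOLDER")
    print(hdrs["Authorization"], payload[:80])
```

In a real Function the body would be posted with the HTTP client of your choice; the placeholder token stands in for the HEC token, which belongs in application settings rather than in code.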