PCI Compliance: What app should I use to monitor Azure data logs?

Path Finder

We are currently working on PCI Compliance project and need to monitor the Azure Data Logs. What app would you recommend to do this?
Would it be:
1. Splunk Add-on for Microsoft Cloud Services - https://splunkbase.splunk.com/app/3110/
2. Azure Monitor add-on - https://splunkbase.splunk.com/app/3534/

Thanks in advance for the help.

Best,
Akshay.

Re: PCI Compliance: What app should I use to monitor Azure data logs?

SplunkTrust

@amulay26 I wouldn't recommend either of those solutions because of either a lack of support and/or reliability.

This is the method I use to ingest logs from Azure to Splunk:
https://answers.splunk.com/answers/678660/how-to-get-logs-from-azure-and-o365-into-splunk.html

This method will easily ingest all "Activity Log" events.

It does not perform monitoring; you would need to set up searches for whatever you want to monitor.

From my PCI experience, having the logs available was generally sufficient as you needed to demonstrate the ability to perform an investigation and not necessarily alerting on specific activities in real-time.

When you say "Azure Data Logs", what logs exactly do you mean by that? Anything beyond the "Activity Log" you will need to enable/define/configure individually within Azure.

Re: PCI Compliance: What app should I use to monitor Azure data logs?

Path Finder

@marycordovacaa By Azure data logs I mean the Azure audit logs and the change logs.

Re: PCI Compliance: What app should I use to monitor Azure data logs?

SplunkTrust

If you are referring to the "Activity Log" as the audit/change log, this method should suffice.

Re: PCI Compliance: What app should I use to monitor Azure data logs?

Splunk Employee

Hi @amulay26,

Did the answer below solve your problem? If so, please resolve this post by approving it!

If your problem is still not solved, keep us updated so that someone else can help ya.

Thanks for posting!

Re: PCI Compliance: What app should I use to monitor Azure data logs?

SplunkTrust

Sorry, one other thing... I forgot to point out that my solution is not supported officially by anyone either... but you build it entirely yourself within your own infrastructure, so it shouldn't be as big of an issue as the lack of support for more "blackbox" solutions like the others 🙂

Re: PCI Compliance: What app should I use to monitor Azure data logs?

Path Finder

This might be helpful for anyone visiting: I have started working on an add-on for Azure Event Hubs for Splunk; feel free to use it!
https://splunkbase.splunk.com/app/4343/

Regards,
