We are currently working on PCI Compliance project and need to monitor the Azure Data Logs. What app would you recommend to do this?
Would it be
1. Splunk add-on for Cloud Services - https://splunkbase.splunk.com/app/3110/
2. Azure monitor add-on- https://splunkbase.splunk.com/app/3534/
Thanks in advance for the help.
@amulay26 I wouldn't recommend either of those solutions because of either a lack of support and/or reliability.
This is the method I use to ingest logs from Azure to Splunk:
This method will easily ingest all "Activity Log" events.
It does not perform monitoring, you would need to setup searches for whatever you want to monitor.
From my PCI experience, having the logs available was generally sufficient as you needed to demonstrate the ability to perform an investigation and not necessarily alerting on specific activities in real-time.
When you say "Azure Data Logs", what logs exactly do you mean by that? Anything beyond the "Activity Log" you will need to enable/define/configure individually within Azure.
if you are referring to the "Activity Log" as the audit/change log, this method should suffice
hi @amulay26 ,
Did the answer below solve your problem? If so, please resolve this post by approving it!
If your problem is still not solved, keep us updated so that someone else can help ya.
Thanks for posting!
sorry, one other thing...I forgot to point out that my solution is not supported officially by anyone either...but you build it entirely yourself within your own infrastructure so it should't be as big of an issue than the lack of support for more "blackbox" solutions like the others 🙂