Getting Data In

Whats the best way to get Azure Security center logs to Splunk?

Path Finder


Are there any other options to on-board azure security center alerts to Splunk other than eventhub?

Tags (2)

Splunk Employee
Splunk Employee

Security Center alerts show up in the activity log which can be ingested via event hub or REST API. The Splunk add-on for Microsoft Cloud Services uses the REST API to get the data.

Did you miss .conf21 Virtual?

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!