Join the Conversation
- Find Answers
- :
- Splunk Products
- :
- Splunk Enterprise Security
- :
- Re: Best Add-on for Microsoft Azure AD logs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Best Add-on for Microsoft Azure AD logs
Hi,
I came across multiple add-ons to collect Microsoft Azure AD logs. Which one is the best to collect the logs? Also is there a subscription needed on Azure end? If yes, is there a way to do it without subscription?
Please note: we have Splunk ES and HF
Regards
Vishakha
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Azure subscription is like an AWS account. For enterprise usage, you would need to have a paid subscription. However, to test/trial, you can sign for a free Azure subscription and stand-up a compute (VMs) and collect logs from them to splunk.
The use of add-on depends on your use case and architectural approach to collect the logs - for e.g. if you want to collect Audit logs [ similar to aws cloudtrail ], you can use https://splunkbase.splunk.com/app/3110
You can also take data directly from the EventHub using suitable TA's. Pls refer to some guidance on the Splunk Blog - https://www.splunk.com/blog/2018/04/20/splunking-microsoft-azure-monitor-data-part-1-azure-setup.htm...
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
The inputs for "Splunk Add-on for Microsoft Cloud Services" are configured on the subscription-level. In other words, if you have +100 subscriptions in Azure, you have to create +100 different inputs in the add-on. Is this the right way to go?
Best regards,
Ahmad
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Ahmad.... we’re u able to figure out on how to ingest from Azure when having about 100 subscriptions.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I am looking for collecting security logs for security analysis. So basically audit logs. We are not concerned about azure system logs itself. Just activity logs
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
you can then use 3110 add-on.
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
Network to App: Observability Unlocked [May & June Series]
SPL2 Deep Dives, AppDynamics Integrations, SAML Made Simple and Much More on Splunk ...
[Puzzles] Solve, Learn, Repeat: Matching cron expressions
