Splunk Enterprise Security

Best Add-on for Microsoft Azure AD logs

singhvishakha29
Engager

Hi,

I came across multiple add-ons to collect Microsoft Azure AD logs. Which one is the best to collect the logs? Also, is a subscription needed on the Azure end? If yes, is there a way to do it without a subscription?

Please note: we have Splunk ES and HF

Regards
Vishakha

0 Karma

lakshman239
SplunkTrust

An Azure subscription is like an AWS account. For enterprise usage, you would need to have a paid subscription. However, to test/trial, you can sign up for a free Azure subscription, stand up compute (VMs), and collect logs from them into Splunk.

The choice of add-on depends on your use case and architectural approach to collecting the logs. For example, if you want to collect audit logs [similar to AWS CloudTrail], you can use https://splunkbase.splunk.com/app/3110

You can also take data directly from the EventHub using suitable TAs. Please refer to some guidance on the Splunk Blog - https://www.splunk.com/blog/2018/04/20/splunking-microsoft-azure-monitor-data-part-1-azure-setup.htm...

0 Karma

hawasli
Engager

Hi,
The inputs for "Splunk Add-on for Microsoft Cloud Services" are configured at the subscription level. In other words, if you have 100+ subscriptions in Azure, you have to create 100+ different inputs in the add-on. Is this the right way to go?

Best regards,
Ahmad

0 Karma

rajt
Loves-to-Learn

Hi Ahmad... were you able to figure out how to ingest from Azure when having about 100 subscriptions?

0 Karma

singhvishakha29
Engager

I am looking to collect security logs for security analysis. So basically audit logs. We are not concerned about the Azure system logs themselves. Just activity logs.

0 Karma

lakshman239
SplunkTrust

You can then use the 3110 add-on.

0 Karma