All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to integrate Microsoft Cloud App security with Splunk

ips_mandar
Builder
‎02-10-2019 10:11 PM

Hi
I want to integrate Microsoft Cloud app security with Splunk, is there any add-on available?
Which fields are required to integrate with Splunk and how?
Thanks,

Reply
1 Solution
Solved! Jump to solution
Solution

sylbaea
Communicator
‎02-10-2019 10:20 PM

Hello,

MS Cloud App security does provide a syslog-based export method:
- as an MS Cloud App admin, you can generate required setup to install an on-premise agent (Java-based) that will periodically download Cloud App security events and then forward to the specified syslog server
- from there, you need to implement custom knowledge object to leverage syslog events... As far as I know, there is currently no TA you can leverage for that

Regards.

View solution in original post

0 Karma
Reply
Solved! Jump to solution

MaverickT
Communicator
‎11-09-2020 12:58 AM

Since October 2020 there is add-on available for this matter:

Microsoft Cloud App Security Add-on for Splunk

Reply
Solved! Jump to solution

s207307
New Member
‎06-04-2019 12:24 PM

This guidance is currently your best/easiest method for accomplishing what you have outlined (no current App or TA available):
https://docs.microsoft.com/en-us/cloud-app-security/siem

0 Karma
Reply
Solved! Jump to solution
Solution

sylbaea
Communicator
‎02-10-2019 10:20 PM

Hello,

MS Cloud App security does provide a syslog-based export method:
- as an MS Cloud App admin, you can generate required setup to install an on-premise agent (Java-based) that will periodically download Cloud App security events and then forward to the specified syslog server
- from there, you need to implement custom knowledge object to leverage syslog events... As far as I know, there is currently no TA you can leverage for that

Regards.

0 Karma
Reply
Solved! Jump to solution

ips_mandar
Builder
‎02-11-2019 03:50 AM

Thanks @sylbaea

0 Karma
Reply
Solved! Jump to solution

ips_mandar
Builder
‎02-12-2019 02:34 AM

Hi @sylbaea ,
How can I get data from Syslog server into splunk? Can you please help me ..

0 Karma
Reply
Solved! Jump to solution

sylbaea
Communicator
‎02-12-2019 02:38 AM

this is a very wide topic... you can either setup Splunk as a syslog server (not recommend if you do have a lot of traffic) either you can index the data of a dedicated syslog server. There is not universal solution, it depends on your needs and environment.

You can search here, it has already been discussed a lot:
https://answers.splunk.com/answers/75667/splunk-as-a-syslog-server.html
https://answers.splunk.com/answers/28680/universal-forwarder-vs-dedicated-rsyslog-syslog-ng-servers-...

0 Karma
Reply
Get Updates on the Splunk Community!

Prove Your Splunk Prowess at .conf25—No Prereqs Required!

Your Next Big Security Credential: No Prerequisites Needed We know you’ve got the skills, and now, earning the ...

Splunk Observability Cloud's AI Assistant in Action Series: Observability as Code

This is the sixth post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how to ...

Splunk Answers Content Calendar, July Edition I

Hello Community! Welcome to another month of Community Content Calendar series! For the month of July, we will ...