How to send a different tenant's Azure WAF logs to a tenant with Sentinel configured?

mara7 161 Reputation points
2023-06-02T07:38:39.8566667+00:00

Hello,

I have 2 tenants.

A tenant: WAF configured (Sentinel x)

B tenant: Sentinel configured (WAF x)

I would like to analyze A's logs in tenant B's Sentinel.

How can I configure this?

I think I should configure Azure Lighthouse, is that right?
If not, please let me know how to send the WAF logs to the Sentinel tenant.


Accepted answer
  1. David Broggy 5,686 Reputation points MVP
    2023-06-02T13:24:45.7066667+00:00

    Hi mara7,

    Take a look at the blog post below.

    It might be easier to configure an app registration and create a Logic App/Event Hub to pull the logs over to your Log Analytics workspace.

    If you expect to scale to multiple tenants and several log sources, then setting up Lighthouse with an 'upper tier Sentinel instance' might make sense, but if this is a one-off then I'd consider the Logic App approach.

    Azure Lighthouse and even Sentinel are free to stand up, so there's no harm in playing with your suggestion if you don't mind all the setup.

    https://techcommunity.microsoft.com/t5/microsoft-sentinel/sending-logs-from-one-tenant-to-a-different-tenant-sentinel/m-p/2185531

    1 person found this answer helpful.
