Integration in SIEM systems SIEM integration. The need to integrate and stream Azure AD sign in logs and audit logs to existing SIEM systems. How to do?
Integration in SIEM systems SIEM integration. The need to integrate and stream Azure AD sign in logs and audit logs to existing SIEM systems. How to do?
HI @cruise-6690
You can route Azure Active Directory (Azure AD) activity logs to several endpoints for long term retention and data insights. This feature allows you to:
Archive Azure AD activity logs to an Azure storage account, to retain the data for a long time.
Stream Azure AD activity logs to an Azure event hub for analytics, using popular Security Information and Event Management (SIEM) tools, such as Splunk and QRadar.
Integrate Azure AD activity logs with your own custom log solutions by streaming them to an event hub.
Send Azure AD activity logs to Azure Monitor logs to enable rich visualizations, monitoring and alerting on the connected data.
Refer below URL's process steps.
https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/concept-activity-logs-azure-monitor
Plan an Azure Active Directory reporting and monitoring deployment
If the Answer is helpful, please click Accept Answer and up-vote, this can be beneficial to other community members.
Can you export logs to automatic timing to local without using event center and Monitor?
@cruise-6690 The timestamp that you will get in the audit/signin logs is UTC timezone. It will need to be converted to local time if you use graph to query . Generally SIEM tools may have the time conversation functionality but I am not sure. In case the information provided is helpful please do accept it as answer in the interest of community .
8 people are following this question.