Integrating third-party SIEM tools like Splunk

Category: azure security center


Robert Wilmes on Tue, 02 Feb 2016 00:21:43

I am looking for any information on integrating Azure security events using a syslog format for consumption by third-party external security event processing tools like Splunk.  I searched for "SIEM" and "Splunk" but didn't find any answers.


Ken R. Ward on Tue, 02 Feb 2016 01:09:15

You can use a third-party firewall like F5 or Barracuda WAF to protect a VNET (including App Services if you set up an App Service Environment), and it can export to a SIEM like Splunk or ArcSight.

That would be the easiest solution.  

Thomas W Shinder - MSFT on Tue, 02 Feb 2016 14:35:19

Hi Robert -

At the moment, Ken's advice is the way to go.

Moving forward, we hope to be able to provide some native ability to do that.