Integrating third-party SIEM tools like Splunk

Category: azure security center

Question

Robert Wilmes on Tue, 02 Feb 2016 00:21:43


I am looking for any information on integrating Azure security events using a syslog format for consumption by third-party external security event processing tools like Splunk. I searched for "SIEM" and "Splunk" but didn't find any answers.

Replies

Ken R. Ward on Tue, 02 Feb 2016 01:09:15


You can use a third-party firewall like F5 or Barracuda WAF to protect a VNET (including App Services if you set up an App Service Environment), and it can export to a SIEM like Splunk or ArcSight.

https://f5.com/about-us/blog/articles/f5-previews-pre-configured-web-application-firewall-solution-for-azure-security-center

https://techlib.barracuda.com/waf/exportlogstoarcsight

That would be the easiest solution.

Thomas W Shinder - MSFT on Tue, 02 Feb 2016 14:35:19


Hi Robert -

At the moment, Ken's advice is the way to go.

Moving forward, we hope to be able to provide some native ability to do that.

Thanks!

Tom