Robert Wilmes on Tue, 02 Feb 2016 00:21:43
I am looking for any information on integrating Azure security events using a syslog format for consumption by third-party external security event processing tools like Splunk. I searched for "SIEM" and "Splunk" but didn't find any answers.
Ken R. Ward on Tue, 02 Feb 2016 01:09:15
You can use a third-party firewall like F5 or Barracuda WAF to protect a VNET (including App Services if you setup an App Service Environment) and it can export to a SIEM like Splunk or ArcSight.
That would be the easiest solution.
Thomas W Shinder - MSFT on Tue, 02 Feb 2016 14:35:19
Hi Robert -
At the moment, Ken's advice is the way to go.
Moving forward, we hope to be able to provide some native ability to do that.