Sending logs to Azure Sentinel

pawellak · January 27, 2022, 12:38am

Hi,

is there an easy way to send logs to Azure Sentinel? Has anyone tried to output logs to TCP Syslog and use CEF connector on Sentinel’s side? Or maybe a plugin to push it through Azure Event Hub?

gsmith · January 27, 2022, 1:51am

Hello && Welcome
Personally I have not but we do work with MS Azure.

There are a couple different Output available you could try.

With the enterprise version (under 5Gb day) its free . Maybe one of those Outputs might work for you.

pawellak · January 27, 2022, 7:45am

Yes, I am thinking about TCP Syslog and connecting with CEF connector on Sentinel’s side.

gsmith · January 27, 2022, 11:56pm

Hello,
From the picture I showed above, perhaps try a Forwarder Output on your Stream

I believe this for a Enterprise license. I personal haven’t forward logs to another different remote device

Topic		Replies	Views
[Graylog 4.2] Output a copy of logs to a SOC or SIEM platform Graylog Central (peer support)	7	2405	March 3, 2022
Collect SentinelOne logs? Graylog Central (peer support)	3	1180	November 2, 2022
Sentinelone AV integration Graylog Central (peer support)	4	1450	December 24, 2019
Linux machines monitoring from Azure Cloud Graylog Central (peer support) sidecar , filebeat-linux	2	908	May 1, 2018
Azure Event Hub Graylog Central (peer support)	3	1309	October 25, 2018

Sending logs to Azure Sentinel

Related topics