How to integrate Microsoft Cloud App security with Splunk

ips_mandar
Builder

Hi,
I want to integrate Microsoft Cloud App Security with Splunk. Is there any add-on available?
Which fields are required to integrate it with Splunk, and how?
Thanks,

1 Solution

sylbaea
Communicator

Hello,

MS Cloud App Security does provide a syslog-based export method:
- as an MS Cloud App admin, you can generate the required setup to install an on-premise agent (Java-based) that will periodically download Cloud App Security events and then forward them to the specified syslog server
- from there, you need to implement custom knowledge objects to leverage the syslog events... As far as I know, there is currently no TA you can leverage for that

Regards.

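The "custom knowledge objects" mentioned above are, in Splunk terms, field extractions in props.conf and transforms.conf. The following is an added example and not code from the original post or from Microsoft; it assumes the agent's events arrive as CEF lines (the format the Microsoft generic SIEM integration documents), that they are indexed under a sourcetype named mcas:cef, and that the rt= field carries epoch milliseconds. The sample event in the comment is constructed, not captured from a real tenant.

```ini
# props.conf  (added example; sourcetype name "mcas:cef" is an assumption)
#
# Constructed sample event the stanza below is written for:
#   CEF:0|MCAS|SIEM_Agent|1.0|EVENT_CATEGORY_LOGIN|Log on|0|rt=1600000000000 suser=alice@example.com src=203.0.113.10 cs1Label=portalURL cs1=https://portal.example/alert/1
[mcas:cef]
SHOULD_LINEMERGE = false
# Parse the fixed CEF header: CEF:Version|Vendor|Product|DeviceVersion|SignatureID|Name|Severity|extension
# (escaped pipes "\|" inside header fields are not handled by this simple regex)
EXTRACT-cef_header = CEF:(?<cef_version>\d+)\|(?<vendor>[^|]*)\|(?<product>[^|]*)\|(?<device_version>[^|]*)\|(?<signature_id>[^|]*)\|(?<name>[^|]*)\|(?<severity>[^|]*)\|(?<extension>.*)$
# Extension is space-separated key=value pairs whose values may contain spaces;
# disable Splunk's generic auto key=value mode so only the CEF-aware transform runs
KV_MODE = none
REPORT-cef_extension = cef_kv
# Timestamp from the rt= extension field (assumed epoch milliseconds; verify against a real event)
TIME_PREFIX = rt=
TIME_FORMAT = %s%3N
MAX_TIMESTAMP_LOOKAHEAD = 13

# transforms.conf
[cef_kv]
# Each key=value pair runs until the next " key=" token or end of line,
# so values such as "cs1Label=portal URL" keep their embedded spaces.
REGEX = (?:^| )([A-Za-z0-9_]+)=(.*?)(?= [A-Za-z0-9_]+=|$)
FORMAT = $1::$2
REPEAT_MATCH = true
```

With this in place, searches such as `sourcetype=mcas:cef signature_id=EVENT_CATEGORY_LOGIN | stats count by suser, src` work without any add-on. Once the real field names emitted by the agent are known, the next step for a production deployment is to alias them (FIELDALIAS-*) to the Common Information Model so that existing Enterprise Security or ES-style correlation searches pick the events up.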

MaverickT
Communicator

Since October 2020 there is add-on available for this matter:

Microsoft Cloud App Security Add-on for Splunk

s207307
New Member

This guidance is currently your best/easiest method for accomplishing what you have outlined (no current App or TA available):
https://docs.microsoft.com/en-us/cloud-app-security/siem

0 Karma


ips_mandar
Builder

Thanks @sylbaea


ips_mandar
Builder

Hi @sylbaea,
How can I get data from the syslog server into Splunk? Can you please help me?


sylbaea
Communicator

This is a very wide topic... you can either set up Splunk as a syslog server (not recommended if you have a lot of traffic) or you can index the data of a dedicated syslog server. There is no universal solution; it depends on your needs and environment.

You can search here, it has already been discussed a lot:
https://answers.splunk.com/answers/75667/splunk-as-a-syslog-server.html
https://answers.splunk.com/answers/28680/universal-forwarder-vs-dedicated-rsyslog-syslog-ng-servers-...

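Both options described in the answer above, as an added example that is not part of the original thread: option A has Splunk (or a heavy forwarder) listen on a syslog port itself, option B has a dedicated rsyslog server write per-host files that a Universal Forwarder monitors. The sourcetype name mcas:cef, the index name mcas, the rsyslog file path and the agent's IP address 10.0.0.5 are assumptions; the rest uses standard inputs.conf and rsyslog (RainerScript) settings.

```ini
# ---------- Option A: Splunk listens directly (simple; no buffering if Splunk is down) ----------
# inputs.conf on the indexer or heavy forwarder
[udp://514]
sourcetype = mcas:cef
index = mcas
# keep the sending host's IP as "host" rather than resolving it
connection_host = ip
# the agent already timestamps each event (rt=), so do not prepend the receive time
no_appending_timestamp = true

# ---------- Option B: dedicated rsyslog server + Universal Forwarder (preferred under load) ----------
# /etc/rsyslog.d/10-remote.conf on the syslog server (path and address are assumptions)
module(load="imtcp")
input(type="imtcp" port="514")
# one file per sending host and day: /var/log/remote/<host>/<YYYY-MM-DD>.log
template(name="PerHost" type="string" string="/var/log/remote/%HOSTNAME%/%$YEAR%-%$MONTH%-%$DAY%.log")
# only the Cloud App Security agent's traffic goes to these files; "stop" keeps it out of /var/log/messages
if $fromhost-ip == '10.0.0.5' then { action(type="omfile" dynaFile="PerHost") stop }

# inputs.conf on the Universal Forwarder installed on the syslog server
[monitor:///var/log/remote/*/*.log]
sourcetype = mcas:cef
index = mcas
# path segments: 1=var 2=log 3=remote 4=<host>, so segment 4 becomes the event's host field
host_segment = 4
disabled = false
```

Option B is the one to choose when the agent emits a lot of events: rsyslog buffers to disk while the forwarder or indexer is unavailable, the files can be rotated and retained independently of Splunk, and the forwarder resumes from its last checkpoint. In either option, binding to port 514 needs root (or a port above 1024 with the agent reconfigured to match), TCP should be preferred over UDP so events are not silently dropped, and the index named in inputs.conf must already exist on the indexers.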