Best Add-on for Microsoft Azure AD logs

singhvishakha29 · ‎07-22-2019

Hi,

I came across multiple add-ons to collect Microsoft Azure AD logs. Which one is the best to collect the logs? Also is there a subscription needed on Azure end? If yes, is there a way to do it without subscription?

Please note: we have Splunk ES and HF

Regards
Vishakha

lakshman239 · ‎07-22-2019

Azure subscription is like an AWS account. For enterprise usage, you would need to have a paid subscription. However, to test/trial, you can sign for a free Azure subscription and stand-up a compute (VMs) and collect logs from them to splunk.

The use of add-on depends on your use case and architectural approach to collect the logs - for e.g. if you want to collect Audit logs [ similar to aws cloudtrail ], you can use https://splunkbase.splunk.com/app/3110

You can also take data directly from the EventHub using suitable TA's. Pls refer to some guidance on the Splunk Blog - https://www.splunk.com/blog/2018/04/20/splunking-microsoft-azure-monitor-data-part-1-azure-setup.htm...

hawasli · ‎03-05-2020

Hi,
The inputs for "Splunk Add-on for Microsoft Cloud Services" are configured on the subscription-level. In other words, if you have +100 subscriptions in Azure, you have to create +100 different inputs in the add-on. Is this the right way to go?

Best regards,
Ahmad

rajt · ‎03-20-2021

Hi Ahmad.... we’re u able to figure out on how to ingest from Azure when having about 100 subscriptions.

singhvishakha29 · ‎07-30-2019

I am looking for collecting security logs for security analysis. So basically audit logs. We are not concerned about azure system logs itself. Just activity logs

lakshman239 · ‎07-30-2019

you can then use 3110 add-on.

Best Add-on for Microsoft Azure AD logs

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!