QRadar XDR

  • 1.  Best practices in integrating Azure VM logs using Azure Security Center

    Posted Mon June 28, 2021 09:55 AM
    Hi Team,

    I am new to QRadar. I would like to integrate all Azure VM (including Windows and Linux) logs, which need to be forwarded to the QRadar Event Processor.
    Can anyone help me out in finding the best possible solution to integrate Azure Security Center logs with QRadar?

    1) Via Event Hub
    2) Via Microsoft Graph Security API
    Which would be the best for parsing all logs from Azure Security Center?

    Regards,
    Sujana

    ------------------------------
    Sujana Y
    ------------------------------


  • 2.  RE: Best practices in integrating Azure VM logs using Azure Security Center

    Posted Fri July 09, 2021 11:43 AM
    Hi Sujana,
    You should definitely go via the MS Azure Event Hub, as described in the DSM guide. The step-by-step instructions should pull you through. Windows and Linux are supported. If Linux should be a problem, depending on the distribution used, there are a couple of settings you can tweak, but I would go for a test right away.
    BR
    Karl

    ------------------------------
    Karl Jaeger, Business Partner
    QRadar Specialist
    pro4bizz
    Karlsruhe, Germany
    4972190981722
    ------------------------------



  • 3.  RE: Best practices in integrating Azure VM logs using Azure Security Center

    Posted Wed July 21, 2021 12:12 AM
    Thank you so much Karl.

    ------------------------------
    Sujana Y
    ------------------------------