Hi Team,

I am new to Qradar. I would lie to integrate all azure vms(including Windows and Linux) logs need to be forwarded to Qradar Event processor.
Can anyone help me out in finding the best possible solutions to integrate azure security center logs with Qradar?

1) Via EventHub
2) Via Microsoft graph security API
 which would be the best in parsing all logs from Azure security center?

Regards,
Sujana

------------------------------
Sujana Y
------------------------------

Hi Sujana,
you definitely go via MS Azure Event Hub as being described in the DSM guide. The step by step instruction should pull you through. Windows and Linux is supported. If Linux should be a problem depending on your distribution used, there are a couple of settings you can tweek but I would go for a test right away.
BR
Karl

------------------------------
[Karl] [Jaeger] [Business Partner]
[QRadar Specialist]
[pro4bizz]
[Karlsruhe] [Germany]
[4972190981722]
------------------------------

Original Message:
Sent: Mon June 28, 2021 08:32 AM
From: Sujana Y
Subject: Best practices in integrating azure vm logs using azure security center

Hi Team,

I am new to Qradar. I would lie to integrate all azure vms(including Windows and Linux) logs need to be forwarded to Qradar Event processor.
Can anyone help me out in finding the best possible solutions to integrate azure security center logs with Qradar?

1) Via EventHub
2) Via Microsoft graph security API
 which would be the best in parsing all logs from Azure security center?

Regards,
Sujana

------------------------------
Sujana Y
------------------------------

Thank you so much Karl.

------------------------------
Sujana Y
------------------------------

Original Message:
Sent: Fri July 09, 2021 11:43 AM
From: Karl Jaeger
Subject: Best practices in integrating azure vm logs using azure security center

Hi Sujana,
you definitely go via MS Azure Event Hub as being described in the DSM guide. The step by step instruction should pull you through. Windows and Linux is supported. If Linux should be a problem depending on your distribution used, there are a couple of settings you can tweek but I would go for a test right away.
BR
Karl

------------------------------
[Karl] [Jaeger] [Business Partner]
[QRadar Specialist]
[pro4bizz]
[Karlsruhe] [Germany]
[4972190981722]

Original Message:
Sent: Mon June 28, 2021 08:32 AM
From: Sujana Y
Subject: Best practices in integrating azure vm logs using azure security center

Hi Team,

I am new to Qradar. I would lie to integrate all azure vms(including Windows and Linux) logs need to be forwarded to Qradar Event processor.
Can anyone help me out in finding the best possible solutions to integrate azure security center logs with Qradar?

1) Via EventHub
2) Via Microsoft graph security API
 which would be the best in parsing all logs from Azure security center?

Regards,
Sujana

------------------------------
Sujana Y
------------------------------