IBM QRadar

Hi! Needed help with adding Azure NSG flows logs to QRadar (Introduction to flow logging for NSGs - Azure Network Watcher | Microsoft Learn). As i read in documentations Azure NSG flow logs can not be flowed to event hub. This is a problem how to flow logs can be pulled to QRadar. As variants of integrations i found https://azsiempublicdrops.blob.core.windows.net/drops/Azure%20SIEM%20Integrator%20User%20Guide.pdf or Connect to Azure Event Hubs - Azure Logic Apps but this varianta not seems as a functional. May be somebody already has such integration?

------------------------------
Serhii Barabash
------------------------------

Hi Serhii, support for Azure NSG flow logs (and the ability to covert them to flows in QRadar) is being added and should be available in a few months.

------------------------------
Tom Obremski
------------------------------

Original Message:
Sent: Thu January 12, 2023 08:03 AM
From: Serhii Barabash
Subject: Getting Azure NSG flow logs

Hi! Needed help with adding Azure NSG flows logs to QRadar (Introduction to flow logging for NSGs - Azure Network Watcher | Microsoft Learn). As i read in documentations Azure NSG flow logs can not be flowed to event hub. This is a problem how to flow logs can be pulled to QRadar. As variants of integrations i found https://azsiempublicdrops.blob.core.windows.net/drops/Azure%20SIEM%20Integrator%20User%20Guide.pdf or Connect to Azure Event Hubs - Azure Logic Apps but this varianta not seems as a functional. May be somebody already has such integration?

------------------------------
Serhii Barabash
------------------------------

Hi Tom.

Is there any word on a timeframe for that Azure NSG flow log support?

DH

------------------------------
Dow Hartley
------------------------------

Original Message:
Sent: Mon February 27, 2023 01:34 PM
From: Tom Obremski
Subject: Getting Azure NSG flow logs

Hi Serhii, support for Azure NSG flow logs (and the ability to covert them to flows in QRadar) is being added and should be available in a few months.

------------------------------
Tom Obremski

Original Message:
Sent: Thu January 12, 2023 08:03 AM
From: Serhii Barabash
Subject: Getting Azure NSG flow logs

Hi! Needed help with adding Azure NSG flows logs to QRadar (Introduction to flow logging for NSGs - Azure Network Watcher | Microsoft Learn). As i read in documentations Azure NSG flow logs can not be flowed to event hub. This is a problem how to flow logs can be pulled to QRadar. As variants of integrations i found https://azsiempublicdrops.blob.core.windows.net/drops/Azure%20SIEM%20Integrator%20User%20Guide.pdf or Connect to Azure Event Hubs - Azure Logic Apps but this varianta not seems as a functional. May be somebody already has such integration?

------------------------------
Serhii Barabash
------------------------------

Hi Tom,

Is there any ETA for Azure NSG flow log support?

------------------------------
Aman Raj
------------------------------

Original Message:
Sent: Mon February 27, 2023 01:34 PM
From: Tom Obremski
Subject: Getting Azure NSG flow logs

Hi Serhii, support for Azure NSG flow logs (and the ability to covert them to flows in QRadar) is being added and should be available in a few months.

------------------------------
Tom Obremski

Original Message:
Sent: Thu January 12, 2023 08:03 AM
From: Serhii Barabash
Subject: Getting Azure NSG flow logs

Hi! Needed help with adding Azure NSG flows logs to QRadar (Introduction to flow logging for NSGs - Azure Network Watcher | Microsoft Learn). As i read in documentations Azure NSG flow logs can not be flowed to event hub. This is a problem how to flow logs can be pulled to QRadar. As variants of integrations i found https://azsiempublicdrops.blob.core.windows.net/drops/Azure%20SIEM%20Integrator%20User%20Guide.pdf or Connect to Azure Event Hubs - Azure Logic Apps but this varianta not seems as a functional. May be somebody already has such integration?

------------------------------
Serhii Barabash
------------------------------

Hello Tom, any update on this? Did I properly understand, qRadar would be able to directly read the NSG Logs from a Storage Account, like Splunk is able to? Thank you ;)

------------------------------
Alex Schmitt
------------------------------

Original Message:
Sent: Mon February 27, 2023 01:34 PM
From: Tom Obremski
Subject: Getting Azure NSG flow logs

Hi Serhii, support for Azure NSG flow logs (and the ability to covert them to flows in QRadar) is being added and should be available in a few months.

------------------------------
Tom Obremski

Original Message:
Sent: Thu January 12, 2023 08:03 AM
From: Serhii Barabash
Subject: Getting Azure NSG flow logs

Hi! Needed help with adding Azure NSG flows logs to QRadar (Introduction to flow logging for NSGs - Azure Network Watcher | Microsoft Learn). As i read in documentations Azure NSG flow logs can not be flowed to event hub. This is a problem how to flow logs can be pulled to QRadar. As variants of integrations i found https://azsiempublicdrops.blob.core.windows.net/drops/Azure%20SIEM%20Integrator%20User%20Guide.pdf or Connect to Azure Event Hubs - Azure Logic Apps but this varianta not seems as a functional. May be somebody already has such integration?

------------------------------
Serhii Barabash
------------------------------

Hello Tom,

any update on this please?

Goal is that qRadar reads the logs directly from the Storage Accounts right?

Thanks.

------------------------------
Alex Schmitt
------------------------------

Original Message:
Sent: Mon February 27, 2023 01:34 PM
From: Tom Obremski
Subject: Getting Azure NSG flow logs

Hi Serhii, support for Azure NSG flow logs (and the ability to covert them to flows in QRadar) is being added and should be available in a few months.

------------------------------
Tom Obremski

Original Message:
Sent: Thu January 12, 2023 08:03 AM
From: Serhii Barabash
Subject: Getting Azure NSG flow logs

Hi! Needed help with adding Azure NSG flows logs to QRadar (Introduction to flow logging for NSGs - Azure Network Watcher | Microsoft Learn). As i read in documentations Azure NSG flow logs can not be flowed to event hub. This is a problem how to flow logs can be pulled to QRadar. As variants of integrations i found https://azsiempublicdrops.blob.core.windows.net/drops/Azure%20SIEM%20Integrator%20User%20Guide.pdf or Connect to Azure Event Hubs - Azure Logic Apps but this varianta not seems as a functional. May be somebody already has such integration?

------------------------------
Serhii Barabash
------------------------------