
Azure Integration

There are several ways to collect logs from the different parts of your Azure infrastructure.

Event Hubs-based integration

This is the most generic way to collect Azure logs. Follow the steps below:

  1. Enable the logs you need to collect, following this guide
  2. Go to EventHubs -> your event hub namespace -> Event hubs -> your event hub -> Shared access policy -> Create
  3. Specify a policy name and check "Listen"
  4. When the policy is created, open it and copy the Connection String primary key
  5. Open LogSentinel SIEM, go to Sources and integrations -> Integrations and create an Azure integration
  6. Specify an integration name and paste the connection string you copied in step 4 (the event hub name is optional)
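
A pre-flight check for the connection string copied in step 4, added here as an example (it is not part of LogSentinel or Azure tooling): it parses the string and flags the namespace root policy or a missing EntityPath before the secret is pasted into the SIEM. The function names and sample values are assumptions made for illustration; the string does not encode the policy's rights, so the "Listen"-only setting from step 3 still has to be confirmed in the portal.

```python
# Default namespace-level policy; Azure creates it with Manage, Send and Listen.
ROOT_POLICY = "RootManageSharedAccessKey"
REQUIRED = ("Endpoint", "SharedAccessKeyName", "SharedAccessKey")

# Constructed sample values; the keys are placeholders, not real secrets.
SCOPED = ("Endpoint=sb://example-ns.servicebus.windows.net/;"
          "SharedAccessKeyName=siem-listen;SharedAccessKey=PLACEHOLDERKEY=;"
          "EntityPath=example-hub")
ROOT = ("Endpoint=sb://example-ns.servicebus.windows.net/;"
        "SharedAccessKeyName=RootManageSharedAccessKey;"
        "SharedAccessKey=PLACEHOLDERKEY=")


def parse_connection_string(conn_str):
    """Split 'Key=Value;...' pairs; values may contain '=' (base64 padding)."""
    fields = {}
    for part in conn_str.strip().split(";"):
        if not part.strip():
            continue  # tolerate a trailing ';'
        key, sep, value = part.partition("=")
        if not sep or not value:
            raise ValueError(f"malformed segment: {key!r}")
        fields[key.strip()] = value.strip()
    missing = [k for k in REQUIRED if k not in fields]
    if missing:
        raise ValueError("missing fields: " + ", ".join(missing))
    return fields


def review_connection_string(conn_str):
    """Return a list of findings; an empty list means nothing was flagged."""
    fields = parse_connection_string(conn_str)
    findings = []
    if not fields["Endpoint"].startswith("sb://"):
        findings.append("Endpoint does not use the sb:// scheme")
    if fields["SharedAccessKeyName"] == ROOT_POLICY:
        findings.append("uses the namespace root policy, which also grants "
                        "Manage and Send")
    if "EntityPath" not in fields:
        findings.append("no EntityPath: string appears to come from a "
                        "namespace-level policy, which covers every event hub "
                        "in the namespace")
    return findings


if __name__ == "__main__":
    # Print findings only; the key itself is never echoed.
    for name, value in (("scoped", SCOPED), ("root", ROOT)):
        print(name, review_connection_string(value) or "nothing flagged")
```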

Microsoft365-based integration

Azure integration can also be done through the unified Microsoft logging, as described in the Microsoft365 section.

Microsoft Cloud App Security Integration

Cloud App Security is Microsoft's CASB. Integration is supported through CEF. How to set up syslog/CEF is documented in the syslog section.