There are several ways to get logs from multiple parts of your Azure infrastructure.
Collecting them through an Azure Event Hub is the most generic way. Follow the steps below:
- Enable the logs you need to collect, following this guide
- Go to EventHubs -> your event hub namespace -> Event hubs -> your event hub -> Shared access policy -> Create
- Specify a policy name and check "Listen" (the SIEM only needs to receive events, so leave "Send" and "Manage" unchecked)
- When the policy is created, open it and copy the Connection String primary key
- Open LogSentinel SIEM, go to Sources and integrations -> Integrations and create an Azure integration
- Specify an integration name and paste the connection string you copied in step 4 (the event hub name is optional)
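As an added example (not LogSentinel's or Microsoft's own code), the script below shows what the integration does with the connection string pasted in step 6: it splits the string into its parts, decides which event hub to read (which is why the event hub name field is optional: a policy created on the hub itself, as in step 4, embeds the hub as `EntityPath`, while a namespace-level policy does not), and derives the short-lived SAS token that is actually presented to Event Hubs under the "Listen" policy. The connection-string layout and the SAS token construction are the documented Azure Service Bus / Event Hubs formats; the namespace, policy name and key in `SAMPLE_CONNECTION_STRING` are constructed placeholders. `verify_sas_token` is included so you can check a token a collector emits against the key you gave it.

```python
"""Parse an Azure Event Hubs connection string and derive / verify a SAS token.

Added example, not code from LogSentinel or Microsoft. The string layout
(Endpoint/SharedAccessKeyName/SharedAccessKey/EntityPath) and the token format
("SharedAccessSignature sr=...&sig=...&se=...&skn=...") follow the Azure
documentation; every concrete value below is a constructed placeholder.
"""
import base64
import hashlib
import hmac
import time
from typing import Optional
from urllib.parse import parse_qs, quote_plus

# Constructed sample in the shape Azure produces for a policy created on the
# event hub itself, so EntityPath is present. Namespace, policy and key are fake.
SAMPLE_CONNECTION_STRING = (
    "Endpoint=sb://example-ns.servicebus.windows.net/;"
    "SharedAccessKeyName=siem-listen;"
    "SharedAccessKey=cGxhY2Vob2xkZXIta2V5LW5vdC1hLXJlYWwtc2VjcmV0PQ==;"
    "EntityPath=insights-logs"
)

REQUIRED = ("Endpoint", "SharedAccessKeyName", "SharedAccessKey")


def parse_connection_string(conn: str) -> dict:
    """Split 'Key=Value;...' into a dict and check the mandatory parts exist."""
    parts = {}
    for segment in conn.strip().rstrip(";").split(";"):
        if "=" not in segment:
            raise ValueError(f"malformed segment: {segment!r}")
        key, value = segment.split("=", 1)  # the key value may end in '=' padding
        parts[key.strip()] = value.strip()
    missing = [k for k in REQUIRED if k not in parts]
    if missing:
        raise ValueError(f"connection string missing {missing}")
    if not parts["Endpoint"].startswith("sb://"):
        raise ValueError("Endpoint must use the sb:// scheme")
    return parts


def effective_hub_name(parts: dict, hub_name: Optional[str] = None) -> str:
    """An explicit hub name wins; otherwise fall back to EntityPath from the
    string. A namespace-level policy carries no EntityPath, so the integration
    form's optional field becomes mandatory in that case."""
    if hub_name:
        return hub_name
    if parts.get("EntityPath"):
        return parts["EntityPath"]
    raise ValueError("no EntityPath in connection string; event hub name required")


def resource_uri(parts: dict, hub_name: Optional[str] = None) -> str:
    """The resource the token is scoped to: https://<namespace host>/<hub>."""
    host = parts["Endpoint"][len("sb://"):].rstrip("/")
    return f"https://{host}/{effective_hub_name(parts, hub_name)}"


def make_sas_token(parts: dict, expiry: int, hub_name: Optional[str] = None) -> str:
    """Sign '<url-encoded uri>\\n<expiry>' with the policy key (HMAC-SHA256)
    and assemble the SharedAccessSignature header. expiry is a Unix timestamp."""
    uri = resource_uri(parts, hub_name)
    to_sign = f"{quote_plus(uri)}\n{expiry}".encode()
    digest = hmac.new(parts["SharedAccessKey"].encode(), to_sign, hashlib.sha256).digest()
    sig = base64.b64encode(digest).decode()
    return (
        f"SharedAccessSignature sr={quote_plus(uri)}&sig={quote_plus(sig)}"
        f"&se={expiry}&skn={quote_plus(parts['SharedAccessKeyName'])}"
    )


def verify_sas_token(token: str, key: str, now: Optional[int] = None) -> bool:
    """Recompute the signature from the token's own sr/se fields, compare in
    constant time, and reject tokens whose expiry has passed."""
    prefix = "SharedAccessSignature "
    if not token.startswith(prefix):
        return False
    fields = parse_qs(token[len(prefix):], keep_blank_values=True)
    try:
        sr, sig, se = fields["sr"][0], fields["sig"][0], int(fields["se"][0])
    except (KeyError, ValueError, IndexError):
        return False
    if se <= (now if now is not None else int(time.time())):
        return False  # expired
    expected = hmac.new(key.encode(), f"{quote_plus(sr)}\n{se}".encode(), hashlib.sha256).digest()
    return hmac.compare_digest(base64.b64encode(expected).decode(), sig)


if __name__ == "__main__":
    p = parse_connection_string(SAMPLE_CONNECTION_STRING)
    tok = make_sas_token(p, int(time.time()) + 300)  # five-minute token
    print("hub:", effective_hub_name(p))
    print("token:", tok)
    print("verifies:", verify_sas_token(tok, p["SharedAccessKey"]))
```

Keep the token lifetime short (the SDK renews it on the fly); the long-lived secret is the policy key itself, which is why the policy should carry only "Listen" and be stored as a secret in the SIEM rather than in scripts or tickets.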
Azure integration can also be done through the unified Microsoft logging, as described in the Microsoft365 section.