biswabhusan
Level 7

Azure integration

Hello experts, we are in the process of integrating Azure logs into ESM. I came to know that it's not a supported log source by McAfee. So does anyone here have experience of integrating Azure into ESM? Please guide me on the steps and prerequisites for this.

Thanks

Biswa

0 Kudos
5 Replies
avatorus
Level 7

Re: Azure integration

Hi,

You can try reading this article - Integrate logs from Azure resources into your SIEM systems | Microsoft Docs

It's a universal solution from Microsoft.

Best regards.

biswabhusan
Level 7

Re: Azure integration

...we are now trying to import logs from the Azure environment to a Windows server (McAfee utility server) using a script. We are already fetching the logs using that script on an Azure VM. We have identified the URL and opened port 443 for the communication to start, but it's not working. Can you suggest the network requirements or anything else that we need to do on a server outside of Azure?

Thanks

Biswa

0 Kudos
McAfee Employee

Re: Azure integration

Are you using Azure Log Integration to pull the events? What format are the events in?

0 Kudos
biswabhusan
Level 7

Re: Azure integration

We are using a .NET script to import logs from Azure DB. The log is in IIS format, so we are using the below config:

Data source Vendor - Microsoft

Data source Model - IIS

Data Retrieval - CIFS File source

Data format - Default

We can see the logs in a Windows folder and in a tcpdump too, but we are not able to see the logs in the console. Any suggestions?

0 Kudos
McAfee Employee

Re: Azure integration

Have you tried setting Support Generic Syslogs to Log "unknown syslog" event under the data source? If the events aren't being parsed, this would cause them to show up as 'Unknown' and confirm that it was parsing-related.

0 Kudos
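A pre-check related to the parsing question in the last reply, as an added example that is not part of the original thread or of any McAfee tooling: it assumes the exported files use the W3C Extended flavour of IIS logging (the thread only says "IIS format") and verifies every data line against the active `#Fields` directive. The function name `check_w3c_log` and the sample log are constructed for illustration.

```python
# Constructed sample of a W3C Extended IIS log with two deliberate defects:
# line 5 has an unescaped space in the URI, line 6 is missing its last field.
SAMPLE = """\
#Software: Microsoft Internet Information Services 10.0
#Version: 1.0
#Fields: date time s-ip cs-method cs-uri-stem s-port c-ip sc-status time-taken
2024-01-15 10:00:01 10.0.0.4 GET /index.html 443 203.0.113.7 200 15
2024-01-15 10:00:02 10.0.0.4 GET /my page.html 443 203.0.113.7 404 3
2024-01-15 10:00:03 10.0.0.4 POST /login 443 203.0.113.9 302
"""


def check_w3c_log(text):
    """Report which data lines match the #Fields directive in effect."""
    report = {
        "bom": text.startswith("\ufeff"),  # a UTF-8 BOM can hide the first '#'
        "ok": 0,                           # lines whose value count matches
        "no_header": [],                   # data lines seen before any #Fields
        "bad_count": [],                   # (line number, values found)
    }
    fields = None
    for lineno, line in enumerate(text.lstrip("\ufeff").splitlines(), start=1):
        if not line.strip():
            continue
        if line.startswith("#"):
            # Directives may reappear mid-file; the latest #Fields wins.
            if line.lower().startswith("#fields:"):
                fields = line.split(":", 1)[1].split()
            continue
        if fields is None:
            report["no_header"].append(lineno)
            continue
        values = line.split()
        if len(values) == len(fields):
            report["ok"] += 1
        else:
            report["bad_count"].append((lineno, len(values)))
    return report


if __name__ == "__main__":
    result = check_w3c_log(SAMPLE)
    print("BOM present:", result["bom"])
    print("well-formed lines:", result["ok"])
    print("lines before #Fields:", result["no_header"])
    print("field-count mismatches:", result["bad_count"])
```

Lines reported under `no_header` or `bad_count` are the ones a field-based IIS parser is most likely to reject, which is consistent with events appearing as 'Unknown' rather than as parsed IIS events.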