GitLab connector for Microsoft Sentinel
The GitLab connector allows you to easily connect your GitLab (GitLab Enterprise Edition - Standalone) logs with Microsoft Sentinel. This gives you more security insight into your organization's DevOps pipelines.
Connector attributes
| Connector attribute | Description |
|---|---|
| Log Analytics table(s) | Syslog (GitlabAccess) Syslog (GitlabAudit) Syslog (GitlabApp) |
| Data collection rules support | Workspace transform DCR |
| Supported by | Microsoft Corporation |
Query samples
GitLab Application Logs
GitLabApp
| sort by TimeGenerated
GitLab Audit Logs
GitLabAudit
| sort by TimeGenerated
GitLab Access Logs
GitLabAccess
| sort by TimeGenerated
Vendor installation instructions
Configuration
This data connector depends on three parsers based on a Kusto Function to work as expected GitLab Access Logs, GitLab Audit Logs and GitLab Application Logs which are deployed with the Microsoft Sentinel Solution.
- Install and onboard the agent for Linux
Typically, you should install the agent on a different computer from the one on which the logs are generated.
Syslog logs are collected only from Linux agents.
- Configure the logs to be collected
Configure the facilities you want to collect and their severities.
- Under workspace advanced settings Configuration, select Data and then Syslog.
- Select Apply below configuration to my machines and select the facilities and severities.
- Click Save.
Next steps
For more information, go to the related solution in the Azure Marketplace.
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for