Azure Monitor alerts sent to SIEM

Hadi D 10 Reputation points
2023-09-07T22:49:01.42+00:00

I recently created an alert rule on our Azure Monitor to fire an alert when a Conditional Access policy is modified, updated, created or deleted.

The alerts get fired correctly on Azure Monitor under the Alerts section. however i need to get these alerts through to our SIEM tool.

I couldn't find information on that, i only found info on how to pass Defender for Cloud alerts to the SIEM.

Azure Monitor
Azure Monitor
An Azure service that is used to collect, analyze, and act on telemetry data from Azure and on-premises environments.
2,783 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Luke Murray 10,526 Reputation points MVP
    2023-09-18T06:12:43.4966667+00:00

    If your SIEM is Microsoft Sentinel, then this blog article:

    Monitor Conditional Access with Microsoft Sentinel

    And Analytics rules could be key.

    If your SIEM is not Sentinel, then your SIEM may have specific data packs or connectors to enable this functionality by collecting the conditional access changes from the Azure activity log, and alerting off that.

    0 comments No comments