Data collector from Wordpress website to Microsoft Sentinel.

Question

Data collector from Wordpress website to Microsoft Sentinel.

Kevin Dule 65

Hello,

Is there any idea how you can forward logs from Wordpress Website(Hosted in an Ubuntu VM in Azure) to Microsoft Sentinel.

My idea was to convert activity log to syslog and forward them to a dedicated VM via MelaPress Plugin.

Then, allow this vm to communicate with Microsoft Sentinel.

Please can you suggest me another optimized way(not to use any plugin) how to solve this problem.

Thank you,

Kevin

Akshay-MSFT 17,951 Reputation points Microsoft Employee Moderator

2023-11-29T09:57:17.18+00:00

@Kevin Dule

Hope you got a chance to review the action plan suggested below. Please do let me know if you have any queries in the comments section. If you don't have any further queries and the suggestion works as per your business need. Please "Accept the answer(Yes)" and "share you feedback ". This will help us and others in the community as well.

Thanks,

Akshay Kaushik

Accepted answer

0 additional answers

Your answer

Akshay-MSFT 17,951 Reputation points Microsoft Employee Moderator

2023-11-29T09:57:17.18+00:00

@Kevin Dule

Hope you got a chance to review the action plan suggested below. Please do let me know if you have any queries in the comments section. If you don't have any further queries and the suggestion works as per your business need. Please "Accept the answer(Yes)" and "share you feedback ". This will help us and others in the community as well.

Thanks,

Akshay Kaushik

Answer 1

Akshay-MSFT 17,951 Microsoft Employee Moderator

@Kevin Dule

Thank you for posting your query on Microsoft Q&A. From above description I could understand that you are looking to forwards WordPress webapp logs to Microsoft Sentinel.

Please do correct me if this is not the case by responding in the comments section.

Currently we don't have any WordPress Data connector available to be configured with Microsoft Sentinel. Adding to the workaround above instead of using any other plugin and dedicated VM you may use Azure Monitoring Agent to Forward Syslog data from Ubuntu VM to a Log Analytics workspace with Microsoft Sentinel

You need to follow the given steps as per Tutorial.

Create a data collection rule.
Verify that Azure Monitor Agent is running.
Enable log reception on port 514.
Verify that Syslog data is forwarded to your Log Analytics workspace.

Thanks,

Akshay Kaushik

Please "Accept the answer (opting Yes under "Helpful")" and "share your feedback ". This will help us and others in the community as well.

Kevin Dule 65 Reputation points

2023-11-28T09:07:33.12+00:00

Hello Akshay,

Thank you for your response.

As I reasearch, I don't think that Wordpress sites save webapp logs in VM(I am not sure for this, please if you have additional informations, please let me know)

So that's the reason why I suggest MelaPress Plugin.

I am waiting for your answer,

Thank you,

Kevin
Akshay-MSFT 17,951 Reputation points Microsoft Employee Moderator

2023-11-28T10:51:40.9233333+00:00
@Kevin Dule

Agreeing to your above comment you would need a WordPress plugin to send website activity logs to Azure Monitor/Log Analytics workspace for data collection rule to work with custom connector.

Apart from this you may set application authentication behind Azure App registration.

Register an Azure AD application and create a service principal. You can follow the instructions in this document: Register an application with Azure AD and create a service principal.

Get the credentials for future authentication. In the registered application blade, get the application credentials for signing in:

Client ID: under Overview

Client secret: under Certificates & secrets.

Grant permissions to the Microsoft Sentinel workspace. In this step, the app will Authenticate as a service principal (Microsoft Entra application)

Create a custom connector. You can use the Logic Apps to create a Microsoft Sentinel custom connector.

This would save any sign activity to Entra ID registered App (with WordPress site as redirect URI) and save it to the above created custom connector.

Thanks,

Akshay Kaushik

Please "Accept the answer (opting Yes under "Helpful")" and "share your feedback ". This will help us and others in the community as well.
Kevin Dule 65 Reputation points

2023-11-28T11:20:44.1133333+00:00

Thank you Akshay,

I have tried this method before with a Laravel Php App to autheticate users via Azure AD.

I don't know what types of logs are sent in Sentinel(only for login attempt, or maybe for example an Admin in Wordpress has changed the logo of website from device IP [...] etc)

If you have any information, please let me know.

Thank you for your custom solution!

Kevin
Akshay-MSFT 17,951 Reputation points Microsoft Employee Moderator

2023-11-28T12:02:36.2966667+00:00

@Kevin Dule

You would get following logs from Entra ID:

SigninLogs

AuditLogs

AADNonInteractiveUserSignInLogs

AADServicePrincipalSignInLogs

AADManagedIdentitySignInLogs.

Thanks,

Akshay Kaushik

Please "Accept the answer (opting Yes under "Helpful")" and "share your feedback ". This will help us and others in the community as well.

Share via

Data collector from Wordpress website to Microsoft Sentinel.

0 additional answers

Your answer