Integration in SIEM systems SIEM integration. The need to integrate and stream Azure AD sign in logs and audit logs to existing SIEM systems. How to do?
You can route Azure Active Directory (Azure AD) activity logs to several endpoints for long term retention and data insights. This feature allows you to:
Archive Azure AD activity logs to an Azure storage account, to retain the data for a long time.
Stream Azure AD activity logs to an Azure event hub for analytics, using popular Security Information and Event Management (SIEM) tools, such as Splunk and QRadar.
Integrate Azure AD activity logs with your own custom log solutions by streaming them to an event hub.
Send Azure AD activity logs to Azure Monitor logs to enable rich visualizations, monitoring and alerting on the connected data.
Refer below URL's process steps.
Plan an Azure Active Directory reporting and monitoring deployment
If the Answer is helpful, please click
Accept Answer and up-vote, this can be beneficial to other community members.
8 people are following this question.