Hello,
I am planning to use Azure Sentinel for my on-premises and cloud workloads/devices.
Like any other SIEM solution, Sentinel requires you to have a log collector where all the devices (Syslog, CEF) can send the logs, and then they are transported to Sentinel for analysis.
Now, I have a large number of devices - in the thousands. The main issue is that each time I change my SIEM/syslog solution, I need to point the devices to the next log collector - a different IP - and it is a hectic job. Secondly, log collectors are proprietary and require engineering to maintain high availability and reliability.
Can I have a middleware where we can send the logs and later send them to any SIEM, etc. for analysis? In this way we do not have to edit the devices' config each time the SIEM solution is changed.
Can Azure Data Factory do this job? Stream the logs to Data Factory and then send them to Sentinel/SIEM?
Are there any downsides to this approach?
Thanks for the support.
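The decoupling layer the question describes, as an added illustration that is not part of the original post and says nothing about what Azure Data Factory can or cannot do: a small relay that every device points at once, which parses the syslog `<PRI>` header and any CEF payload, then fans each event out to whichever SIEM sinks are currently registered. The sink names (`sentinel`, `archive`), the sample log lines and the `serve_udp` helper are all constructed for this example; the sinks are in-memory counters standing in for real forwarders.

```python
import re
import socket
from typing import Callable, Dict, List, Optional, Tuple

# Constructed sample syslog lines (not captured from any real device).
# <132> = facility 16 (local0), severity 4 (warning); <38> = facility 4 (auth), severity 6 (info).
SAMPLE_LINES = [
    "<132>Jan 12 10:15:22 fw01 CEF:0|Acme|Firewall|1.0|100|Connection denied|4|"
    "src=10.1.2.3 dst=10.9.8.7 spt=51234 dpt=22 act=deny",
    "<38>Jan 12 10:15:23 host01 sshd[1234]: Accepted publickey for alice "
    "from 10.1.2.4 port 51000 ssh2",
]

PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.S)
# One CEF header field: any run of escaped chars or chars other than '|' and '\'.
CEF_FIELD = r"((?:\\.|[^|\\])*)"
# Seven header fields (Version, Vendor, Product, DeviceVersion, SignatureID, Name, Severity)
# separated by unescaped '|', followed by the key=value extension.
CEF_RE = re.compile(r"CEF:" + r"\|".join([CEF_FIELD] * 7) + r"\|(.*)$", re.S)


def parse_priority(line: str) -> Optional[Tuple[int, int, str]]:
    """Split the RFC 3164 <PRI> prefix into (facility, severity, remainder)."""
    m = PRI_RE.match(line)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:  # 24 facilities * 8 severities - 1 is the largest legal value
        return None
    return pri // 8, pri % 8, m.group(2)


def _unescape(field: str) -> str:
    """Undo the CEF escapes for '|', '=' and '\\'."""
    return field.replace("\\|", "|").replace("\\=", "=").replace("\\\\", "\\")


def parse_cef(text: str) -> Optional[Dict[str, object]]:
    """Return the CEF header fields plus the extension as a dict, or None if not CEF."""
    m = CEF_RE.search(text)
    if not m:
        return None
    version, vendor, product, dev_version, sig_id, name, severity, ext = m.groups()
    extension: Dict[str, str] = {}
    # Extension keys are word characters followed by '='; a value runs until the next key.
    for part in re.split(r"\s+(?=\w+=)", ext.strip()):
        key, _, value = part.partition("=")
        if key:
            extension[key] = _unescape(value)
    return {
        "version": version,
        "vendor": _unescape(vendor),
        "product": _unescape(product),
        "device_version": _unescape(dev_version),
        "signature_id": _unescape(sig_id),
        "name": _unescape(name),
        "severity": int(severity) if severity.isdigit() else severity,
        "extension": extension,
    }


Sink = Callable[[Dict[str, object]], None]


class Relay:
    """The one stable endpoint devices send to; SIEM sinks are swapped behind it."""

    def __init__(self) -> None:
        self._sinks: Dict[str, Tuple[Sink, int]] = {}

    def add_sink(self, name: str, sink: Sink, max_severity: int = 7) -> None:
        # Forward only events whose syslog severity is <= max_severity (0 = emerg, 7 = debug).
        self._sinks[name] = (sink, max_severity)

    def remove_sink(self, name: str) -> None:
        self._sinks.pop(name, None)

    def handle(self, line: str) -> List[str]:
        """Parse one line and deliver it; return the names of the sinks that received it."""
        parsed = parse_priority(line)
        if parsed is None:
            return []  # malformed lines are dropped rather than forwarded
        facility, severity, body = parsed
        event = {"raw": line, "facility": facility, "severity": severity, "cef": parse_cef(body)}
        delivered = []
        for name, (sink, max_sev) in self._sinks.items():
            if severity <= max_sev:
                sink(event)
                delivered.append(name)
        return delivered


def _counting_sink(counts: Dict[str, int], name: str) -> Sink:
    def sink(event: Dict[str, object]) -> None:
        counts[name] += 1
    return sink


def demo() -> Dict[str, int]:
    """Route the constructed samples to two in-memory sinks and count deliveries."""
    relay = Relay()
    counts = {"sentinel": 0, "archive": 0}
    relay.add_sink("sentinel", _counting_sink(counts, "sentinel"), max_severity=5)  # warning and worse
    relay.add_sink("archive", _counting_sink(counts, "archive"), max_severity=7)    # everything
    for line in SAMPLE_LINES:
        relay.handle(line)
    return counts


def serve_udp(relay: Relay, bind: str = "0.0.0.0", port: int = 514) -> None:
    """Blocking loop: receive syslog datagrams and hand each one to the relay."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((bind, port))
        while True:
            data, _ = sock.recvfrom(65535)
            relay.handle(data.decode("utf-8", errors="replace"))


if __name__ == "__main__":
    print(demo())
```

Changing the SIEM then means calling `add_sink`/`remove_sink` on the relay, not touching thousands of device configs; the relay itself becomes the component that needs the high-availability engineering the question mentions, so in practice it would sit behind a stable DNS name or virtual IP with more than one instance.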