Share via


[Deprecated] GitLab connector for Microsoft Sentinel

Important

Log collection from many appliances and devices is now supported by the Common Event Format (CEF) via AMA, Syslog via AMA, or Custom Logs via AMA data connector in Microsoft Sentinel. For more information, see Find your Microsoft Sentinel data connector.

The GitLab connector allows you to easily connect your GitLab (GitLab Enterprise Edition - Standalone) logs with Microsoft Sentinel. This gives you more security insight into your organization's DevOps pipelines.

This is autogenerated content. For changes, contact the solution provider.

Connector attributes

Connector attribute Description
Log Analytics table(s) Syslog (GitlabAccess)
Syslog (GitlabAudit)
Syslog (GitlabApp)
Data collection rules support Workspace transform DCR
Supported by Microsoft Corporation

Query samples

GitLab Application Logs

GitLabApp 
| sort by TimeGenerated

GitLab Audit Logs

GitLabAudit 
| sort by TimeGenerated

GitLab Access Logs

GitLabAccess 
| sort by TimeGenerated

Vendor installation instructions

Configuration

This data connector depends on three parsers based on a Kusto Function to work as expected GitLab Access Logs, GitLab Audit Logs and GitLab Application Logs which are deployed with the Microsoft Sentinel Solution.

  1. Install and onboard the agent for Linux

Typically, you should install the agent on a different computer from the one on which the logs are generated.

Syslog logs are collected only from Linux agents.

  1. Configure the logs to be collected

Configure the facilities you want to collect and their severities.

  1. Under workspace advanced settings Configuration, select Data and then Syslog.
  2. Select Apply below configuration to my machines and select the facilities and severities.
  3. Click Save.

Next steps

For more information, go to the related solution in the Azure Marketplace.