[Deprecated] GitLab connector for Microsoft Sentinel
Important
Log collection from many appliances and devices is now supported by the Common Event Format (CEF) via AMA, Syslog via AMA, or Custom Logs via AMA data connector in Microsoft Sentinel. For more information, see Find your Microsoft Sentinel data connector.
The GitLab connector allows you to easily connect your GitLab (GitLab Enterprise Edition - Standalone) logs with Microsoft Sentinel. This gives you more security insight into your organization's DevOps pipelines.
This is autogenerated content. For changes, contact the solution provider.
Connector attributes
| Connector attribute | Description |
|---|---|
| Log Analytics table(s) | Syslog (GitlabAccess) Syslog (GitlabAudit) Syslog (GitlabApp) |
| Data collection rules support | Workspace transform DCR |
| Supported by | Microsoft Corporation |
Query samples
GitLab Application Logs
GitLabApp
| sort by TimeGenerated
GitLab Audit Logs
GitLabAudit
| sort by TimeGenerated
GitLab Access Logs
GitLabAccess
| sort by TimeGenerated
Vendor installation instructions
Configuration
This data connector depends on three parsers based on a Kusto Function to work as expected GitLab Access Logs, GitLab Audit Logs and GitLab Application Logs which are deployed with the Microsoft Sentinel Solution.
- Install and onboard the agent for Linux
Typically, you should install the agent on a different computer from the one on which the logs are generated.
Syslog logs are collected only from Linux agents.
- Configure the logs to be collected
Configure the facilities you want to collect and their severities.
- Under workspace advanced settings Configuration, select Data and then Syslog.
- Select Apply below configuration to my machines and select the facilities and severities.
- Click Save.
Next steps
For more information, go to the related solution in the Azure Marketplace.