Forum Discussion
George Smyrlis
Microsoft
Dec 06, 2019
SIEM integration missing from Azure ATP portal?
Hello team!
Could anyone help me with why I cannot find the SIEM integration under Data Sources from the Azure ATP Configuration portal? Although this is fully documented (https://docs.microsoft.com/en-us/azure-advanced-threat-protection/configure-event-collection#configuring-the-azure-atp-sensor-to-listen-for-siem-events) I cannot find it in the Azure ATP Configuration portal.
Thank you,
George
3 Replies
- EliOfek
Microsoft
The docs are not properly updated, pending a fix.
Standalone sensors are now listening to SIEM events by default. No need to configure them.
- George Smyrlis
Microsoft
Thank you a lot, EliOfek, for your response. However, I am not using the Standalone Sensor but the Azure ATP Sensor directly installed on every DC. Does the same apply there? Thank you.
- EliOfek
Microsoft
Integrated sensors cannot listen to SIEM (syslog) traffic any more.
They actually don't need to...
They are installed on the DC itself, thus can get all the info they need locally.