Forum Discussion

George Smyrlis's avatar
George Smyrlis
Icon for Microsoft rankMicrosoft
Dec 06, 2019
Solved

SIEM integration missing from Azure ATP portal?

Hello team!    Could anyone help me with why I cannot find the SIEM integration under Data Sources from the Azure ATP Configuration portal? Although this is fully documented (https://docs.microso...
  • EliOfek's avatar
    EliOfek
    Dec 10, 2019

    George Smyrlis 

    Integrated sensors cannot listen to SIEM (syslog) traffic any more.

    They actually don't need too... 

    They are installed on the DC itself, thus can get all the info they need locally.

EliOfek's avatar
EliOfek
Icon for Microsoft rankMicrosoft
Dec 06, 2019
Docs is not properly updated, pending a fix.
Standalone sensors are now listening to SIEM events by default. No need to configure them.
  • George Smyrlis's avatar
    George Smyrlis
    Icon for Microsoft rankMicrosoft
    Dec 10, 2019

    Thank you a lot EliOfek for your response. However, I am not using the Standalone Sensor but the Azure ATP Sensor directly installed on every DC. Does the same applies there? Thank you

    • EliOfek's avatar
      EliOfek
      Icon for Microsoft rankMicrosoft
      Dec 10, 2019

      George Smyrlis 

      Integrated sensors cannot listen to SIEM (syslog) traffic any more.

      They actually don't need too... 

      They are installed on the DC itself, thus can get all the info they need locally.

Resources