Forum Discussion
Integration of Microsoft Defender into SIEM Open Source via Syslog
Hello everyone,
I have:
- Microsoft Defender central console
- Endpoints reporting to central console
- SIEM open source
I need to be able to export all logs from Microsoft Defender central console to SIEM via Syslog.
Could someone provide me with a guide or step by step configuration?
Thanks in advance!
1 Reply
- cyb3rmik3
Microsoft
Hello ciberociber
Unfortunately, syslog export is not supported out of the box for Defender XDR portal. The only way to achieve this is like this:
First send your events to Event hub.
Then, use Azure Functions to send you logs to your SIEM through syslog.
For the second step, there is no documentation and you will probably need some customization, but I found something similar that might give you a taste (GitHub - miguelangelopereira/azuremonitor2syslog: Forward Azure monitor logs to syslog (via Event Hub)).
Hope this helps.
If I have answered your question, please mark your post as Solved
If you like my response, please consider giving it a like
