Integration of Microsoft Defender into SIEM Open Source via Syslog

Hello ciberociber 

Unfortunately, syslog export is not supported out of the box for Defender XDR portal. The only way to achieve this is like this:

First send your events to Event hub.

Then, use Azure Functions to send you logs to your SIEM through syslog.

For the second step, there is no documentation and you will probably need some customization, but I found something similar that might give you a taste (GitHub - miguelangelopereira/azuremonitor2syslog: Forward Azure monitor logs to syslog (via Event Hub)).

Hope this helps.

If I have answered your question, please mark your post as Solved

If you like my response, please consider giving it a like