Forum Discussion
Hamid285
Nov 16, 2020 (Copper Contributor)
cloud app security and SIEM agent
Hello, we need to send our Cloud App Security alerts to our on-premise SIEM. We know that we can install a Java program to set up the Cloud App Security agent. By the way, we ever used Event Hub for AD azu...
BillTheKid
Nov 23, 2020 (Brass Contributor)
Hamid285 To get all MCAS (Cloud App Security) raw events, you need the MCAS API via https://docs.microsoft.com/en-US/cloud-app-security/siem, which will be ingested using remote syslog into Splunk (CEF format).
Additionally you need the MS Graph API for the high level telemetry - the Splunk technical TA app is here.
Hamid285
Nov 24, 2020 (Copper Contributor)
BillTheKid : Hello and thanks for your feedback.
We will advise our customer to use the Cloud App Security SIEM agent.
Rgds,