cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

How to send Data from Log Analytics to Qradar (or any app)

GouravIN
Brass Contributor

‎Sep 11 2018 04:19 AM - last edited on ‎Apr 07 2022 05:28 PM by

‎Sep 11 2018 04:19 AM - last edited on ‎Apr 07 2022 05:28 PM by

How to send Data from Log Analytics to Qradar (or any app)

Hi Team,

I am integrating Event Hub with Qradar with security purposes. I have created an Event Hub and streamed all the activity logs (for 10 subscription) into it. Now i want to stream Monitor and syslog and other data into event hub. 

 

Due to limitation of Event Hub i can not directly stream data into it. So my seniors proposed the below structure to send data from OMS to Event Hub. But i am not sure how i can build query for sending OMS data to Event HUB.

 

QradarIntegration.png

 

I have gone through the below link, using this i can read event hub data using OMS. But i want to send OMS data into Event Hub.

 

https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-activity-logs-subscriptions

Labels:
19.4K Views
0 Likes
5 Replies
Reply
5 Replies
Sandeep Chigullapally

‎Oct 30 2018 08:43 AM

‎Oct 30 2018 08:43 AM

Re: How to send Data from Log Analytics to Qradar (or any app)

Hi Gourav,

 

I am also in the same situation trying to find out how to send events from Log Analytics workspace to EH. No luck for me yet, but from my research I can conclude that Logic Apps cannot do this task because in logic apps we cannot define log analytics as a trigger it can only be set as action.

Eg: If we say that Logic App has to trigger based on event availability/time (like every 10 min) in Log Analytics (OMS), we cannot do this in logic app because Log Analytics cannot be used as trigger point. We can only say that if something gets triggered send it to Log Analytics (action). 

 

Thanks

Sandeep

0 Likes
Reply
best response confirmed by GouravIN (Brass Contributor)
Sandeep Chigullapally

‎Oct 30 2018 11:14 AM

‎Oct 30 2018 11:14 AM

Solution

Re: How to send Data from Log Analytics to Qradar (or any app)

I think I found the way to do it. Please see attached screen shot. Please leave a reply if it works.Log Analytics to EH.png

0 Likes
Reply
GouravIN

‎Oct 30 2018 11:17 AM

‎Oct 30 2018 11:17 AM

Re: How to send Data from Log Analytics to Qradar (or any app)

Indeed, same method i am using but thanks for the information.
0 Likes
Reply
kiranlagishetti

‎Sep 18 2019 04:28 AM

‎Sep 18 2019 04:28 AM

Re: How to send Data from Log Analytics to Qradar (or any app)

@GouravIN For Splunk you can use Microsoft Log Analytics Add-on (Formerly Known as OMS). It's simple integration.

https://splunkbase.splunk.com/app/4127/

 

Note: https://api.loganalytics.io has to excluded in the Firewall ( If you have any firewall rules)

0 Likes
Reply
chrish80

‎Aug 07 2020 10:55 AM - edited ‎Aug 07 2020 11:04 AM

‎Aug 07 2020 10:55 AM - edited ‎Aug 07 2020 11:04 AM

Re: How to send Data from Log Analytics to Qradar (or any app)

@Sandeep Chigullapally What are you using for the Content and Properties? I'm having a hard time determining the right values.  Some things I get a serialization issue other combo's I get a null value error. Any help would be greatly appreciated! Thanks! EDIT: I just realized this was a general use case thread and not actually one specifically to get nsg flow logs to event hub.  If someone knows if this is possible and what the magic combo is that would be awesome 

 

chrish80_0-1596822816167.png

 

0 Likes
Reply
1 best response

Accepted Solutions
best response confirmed by GouravIN (Brass Contributor)
Sandeep Chigullapally

‎Oct 30 2018 11:14 AM

‎Oct 30 2018 11:14 AM

Solution

Re: How to send Data from Log Analytics to Qradar (or any app)

I think I found the way to do it. Please see attached screen shot. Please leave a reply if it works.Log Analytics to EH.png

View solution in original post

0 Likes
Reply