Privilege Identity Management (PIM) Logs Retention

%3CLINGO-SUB%20id%3D%22lingo-sub-2978931%22%20slang%3D%22en-US%22%3EPrivilege%20Identity%20Management%20(PIM)%20Logs%20Retention%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2978931%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20%2C%3C%2FP%3E%3CP%3EI%20have%20a%20requirement%20to%20archive%20PIM%20logs%20with%20a%20retention%20period%20of%207%20years.%20The%20logs%20must%20be%20ingested%20into%20a%20SIEM%20via%20Log%20Analytics.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20could%20not%20find%20a%20way%20to%20integrate%20PIM%20with%20Log%20Analytics.%20The%20only%20option%20available%20is%20to%20export%20the%20logs.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThere%20are%20suggestions%20about%20exporting%20the%20logs%20to%20a%20storage%20account%20then%20hooking%20that%20up%20to%20Azure%20Monitor.%20This%20approach%20is%20not%20ideal%20since%20it%20introduces%20complexities%20and%20I%20am%20not%20sure%20if%20this%20will%26nbsp%3BPI%20provide%20the%20required%20result.%26nbsp%3BI%20would%20rather%20have%20the%20SIEM%20pickup%20the%20data%20directly%20from%20Log%20Analytics.%3C%2FP%3E%3CP%3EHas%20anyone%20come%20across%20a%20similar%20requirement%20and%20can%20share%20what%20they%20did%20as%20a%20work%20around%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAlso%2C%20is%20integrating%20PIM%20with%20Log%20Analytics%20on%20the%20roadmap%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EMany%20thanks%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2978931%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EIdentity%20Management%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Senior Member

Hi ,

I have a requirement to archive PIM logs with a retention period of 7 years. The logs must be ingested into a SIEM via Log Analytics. 

 

I could not find a way to integrate PIM with Log Analytics. The only option available is to export the logs.

 

There are suggestions about exporting the logs to a storage account then hooking that up to Azure Monitor. This approach is not ideal since it introduces complexities and I am not sure if this will PI provide the required result. I would rather have the SIEM pickup the data directly from Log Analytics.

Has anyone come across a similar requirement and can share what they did as a work around?

 

Also, is integrating PIM with Log Analytics on the roadmap?

 

Many thanks

 

0 Replies