cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

cloud app security and SIEM agent

%3CLINGO-SUB%20id%3D%22lingo-sub-1890320%22%20slang%3D%22en-US%22%3Ecloud%20app%20security%20and%20SIEM%20agent%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1890320%22%20slang%3D%22en-US%22%3E%3CP%3EHello%2C%3C%2FP%3E%3CP%3EWe%20need%20to%20send%20our%20cloud%20app%20security%20alerts%20to%20our%20onpremise%20SIEM%2C%20we%20know%20that%20we%20can%20install%20a%20java%20program%20to%20setup%20cloud%20app%20security%20agent%2C%20by%20the%20way%20we%20ever%20used%20event%20HUB%20for%20AD%20azure%20service%20and%20to%20avoid%20installing%20a%20VM%20with%20cloud%20app%20security%20SIEM%20agent%2C%20one%20think%20is%20to%20use%20Azure%20Logic%20Apps%20to%20grab%20cloud%20app%20security%20alerts%20and%20forward%20them%20to%20event%20hub%20and%20then%20send%20alert's%20on%20across%20existing%20link%20with%20our%20onpremise%20SIEM.%3C%2FP%3E%3CP%3EDoes%20it%20make%20sense%20or%20have%20u%20got%20advices%20about%20our%20idea%20%3F%3C%2FP%3E%3CP%3EThanks%20for%20your%20feedback.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1890320%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3ECloud%20App%20Security%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1919693%22%20slang%3D%22en-US%22%3ERe%3A%20cloud%20app%20security%20and%20SIEM%20agent%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1919693%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F870307%22%20target%3D%22_blank%22%3E%40Hamid285%3C%2FA%3E%26nbsp%3BHave%20you%20seen%20this%20help%20doc%3F%20Does%20this%20provide%20an%20easier%20fix%20for%20you%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fcloud-app-security%2Fsiem%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fcloud-app-security%2Fsiem%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1922584%22%20slang%3D%22en-US%22%3ERe%3A%20cloud%20app%20security%20and%20SIEM%20agent%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1922584%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F785892%22%20target%3D%22_blank%22%3E%40caseykraus%3C%2FA%3E%26nbsp%3B%3A%20Hello%2C%20thanks%20for%20your%20feedback.yes%20i%20saw%20this%20article%20but%20as%20explain%20we%20do%20not%20need%20to%20go%20by%20this%20way%20%2C%20but%20use%20MS%20SOAR%20with%20event%20hub%20%3A%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fsecurecloud.blog%2F2020%2F04%2F30%2Fsend-security-alerts-from-microsoft-cloud-to-3rd-party-siem-with-logic-apps-and-event-hub%2F%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fsecurecloud.blog%2F2020%2F04%2F30%2Fsend-security-alerts-from-microsoft-cloud-to-3rd-party-siem-with-logic-apps-and-event-hub%2F%3C%2FA%3E%3C%2FP%3E%3CP%3EDOes%20it%20make%20sense%20%3F%3C%2FP%3E%3CP%3ERgds%2C%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1923451%22%20slang%3D%22en-US%22%3ERe%3A%20cloud%20app%20security%20and%20SIEM%20agent%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1923451%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F870307%22%20target%3D%22_blank%22%3E%40Hamid285%3C%2FA%3Eto%20get%20all%20MCAS%20-%20Cloud%20App%20Security%20raw%20events%20you%20need%20the%20MCAS%20API%20via%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-US%2Fcloud-app-security%2Fsiem%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-US%2Fcloud-app-security%2Fsiem%3C%2FA%3E%20which%20will%20be%20ingested%20using%20remote%20syslog%20into%20Splunk%20(CEF-format).%3C%2FP%3E%3CP%3EAdditionally%20you%20need%20the%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-US%2Fgraph%2Foverview%3Fview%3Dgraph-rest-1.0%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%22%3EMS%20Graph%20API%3C%2FA%3E%20for%20the%20high%20level%20telemetry%20-%20the%20%3CA%20href%3D%22https%3A%2F%2Fsplunkbase.splunk.com%2Fapp%2F4564%2F%22%20target%3D%22_self%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3ESplunk%20technical%20TA%20app%20is%20here%3C%2FA%3E.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Hamid285
New Contributor

‎Nov 16 2020 04:45 AM

‎Nov 16 2020 04:45 AM

cloud app security and SIEM agent

Hello,

We need to send our cloud app security alerts to our onpremise SIEM, we know that we can install a java program to setup cloud app security agent, by the way we ever used event HUB for AD azure service and to avoid installing a VM with cloud app security SIEM agent, one think is to use Azure Logic Apps to grab cloud app security alerts and forward them to event hub and then send alert's on across existing link with our onpremise SIEM.

Does it make sense or have u got advices about our idea ?

Thanks for your feedback.

 

Labels:
733 Views
0 Likes
4 Replies
Reply
4 Replies
caseykraus

‎Nov 20 2020 02:41 PM

‎Nov 20 2020 02:41 PM

Re: cloud app security and SIEM agent

@Hamid285 Have you seen this help doc? Does this provide an easier fix for you?

 

https://docs.microsoft.com/en-us/cloud-app-security/siem 

0 Likes
Reply
Hamid285

‎Nov 23 2020 12:11 AM

‎Nov 23 2020 12:11 AM

Re: cloud app security and SIEM agent

@caseykraus : Hello, thanks for your feedback.yes i saw this article but as explain we do not need to go by this way , but use MS SOAR with event hub :

https://securecloud.blog/2020/04/30/send-security-alerts-from-microsoft-cloud-to-3rd-party-siem-with...

DOes it make sense ?

Rgds,

0 Likes
Reply
BillTheKid

‎Nov 23 2020 05:22 AM

‎Nov 23 2020 05:22 AM

Re: cloud app security and SIEM agent

@Hamid285to get all MCAS - Cloud App Security raw events you need the MCAS API via https://docs.microsoft.com/en-US/cloud-app-security/siem which will be ingested using remote syslog into Splunk (CEF-format).

Additionally you need the MS Graph API for the high level telemetry - the Splunk technical TA app is here.

0 Likes
Reply
Hamid285

‎Nov 24 2020 08:36 AM

‎Nov 24 2020 08:36 AM

Re: cloud app security and SIEM agent

@BillTheKid : Hello and thanks for your feedback.

We will advice our customer to use cloud app security SIEM agent.

Rgds,

0 Likes
Reply