How to integrate Azure ATP with SIEM

%3CLINGO-SUB%20id%3D%22lingo-sub-617720%22%20slang%3D%22en-US%22%3EHow%20to%20integrate%20Azure%20ATP%20with%20SIEM%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-617720%22%20slang%3D%22en-US%22%3E%3CP%3EI%20just%20found%20this%20article%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure-advanced-threat-protection%2Fcef-format-sa%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure-advanced-threat-protection%2Fcef-format-sa%3C%2FA%3E%20which%20explains%20the%20format%20to%20integrate%20Azure%20ATP%20with%20SIEMs%2C%20but%20I%20can't%20find%20any%20article%20explaining%20HOW%20to%20actually%20do%20that%20integration.%20Any%20help%20will%20be%20apprectiated.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-618852%22%20slang%3D%22en-US%22%3ERe%3A%20How%20to%20integrate%20Azure%20ATP%20with%20SIEM%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-618852%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F345219%22%20target%3D%22_blank%22%3E%40nbriones%3C%2FA%3E%26nbsp%3BDid%20you%20get%20to%20read%20this%3A%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure-advanced-threat-protection%2Fsetting-syslog%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure-advanced-threat-protection%2Fsetting-syslog%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Occasional Visitor

I just found this article https://docs.microsoft.com/en-us/azure-advanced-threat-protection/cef-format-sa which explains the format to integrate Azure ATP with SIEMs, but I can't find any article explaining HOW to actually do that integration. Any help will be apprectiated.

1 Reply