Error - Wazuh integration Azure Log Analytics


Facu Basgall

Dec 10, 2025, 12:49:59 PM
to Wazuh | Mailing List

I am trying to integrate Wazuh with Azure Log Analytics. I followed the documentation, but I am getting this error.

The same application works for Office365 and MS Graph.

Can you help me?

20251210_125533.jpeg
20251210_125409.jpeg

Carlos Ezequiel Bordon

Dec 10, 2025, 1:57:30 PM
to Wazuh | Mailing List

Hi, in the logs you shared, we can see the error: Log Analytics: 403 Client Error: Forbidden for url ..... This may indicate some permission issues in your application. I'm sharing the Log Analytics guide so you can review it and correct the necessary permissions for the integration to work.

https://documentation.wazuh.com/current/cloud-security/azure/log-analytics.html#granting-permissions-to-the-application

Facu Basgall

Dec 12, 2025, 7:07:06 AM
to Wazuh | Mailing List

The permissions are correct; in fact, I am using the same application to send data from Office365 and MS Graph.

Carlos Ezequiel Bordon

Dec 15, 2025, 2:32:39 PM
to Wazuh | Mailing List
Can you share the configuration blocks corresponding to the queries that appear in the logs you shared?

```
RiskyServicePrincipals
ServicePrincipalRiskEvents
ProvisioningLogs
```

Facu Basgall

Dec 16, 2025, 9:04:36 AM
to Wazuh | Mailing List

Hi

All modules are configured the same way and none of them work: AuditLogs, SignInLogs, NonInteractiveUserSignInLogs, ServicePrincipalSignInLogs, RiskyUsers, UserRiskEvents, RiskyServicePrincipals, ServicePrincipalRiskEvents, ProvisioningLogs.


In the first comment I sent you a snippet of the logs and configuration.
