Integrate Azure logs with Wazuh


Funda Denoya

Sep 8, 2022, 3:41:20 AM
to Wazuh mailing list
Hi all,

I want to ask how to forward Azure logs to Wazuh.
I have followed the step-by-step instructions on the website, but the data is not showing in Wazuh.

Any help would be greatly appreciated.

Thank you.

Best Regards.


Nicolas Zapata

Sep 8, 2022, 8:44:58 AM
to Wazuh mailing list
Hi, thanks for using Wazuh!
I will be helping you with your problem in a few moments.

In the meantime, did you make sure you have configured both the API permissions on the Azure side and the ossec.conf configuration in Wazuh? Have you configured the azure wodle correctly?

Funda Denoya

Sep 8, 2022, 10:08:02 PM
to Wazuh mailing list
Hi Nicolas,

I'm a new Wazuh user.

Then I put the credentials for <log_analytics>, <graph>, <storage> and saved them in the ossec.conf.

When I restart wazuh-manager, it shows as running normally.
But the logs are not sent to Wazuh.

What is the difference between Microsoft Graph and Log Analytics?

Can you give me a guide on how to fix this problem?

Thank you very much.

Best Regards

Nicolas Zapata

Sep 9, 2022, 11:30:46 AM
to Wazuh mailing list
Hello, sorry for the delay. Since you are a new user, I will explain step by step how to enable Azure logs in Wazuh.

Wazuh provides you 3 options to monitor Azure:

  • Monitoring instances by installing the Wazuh agent on them. 
  • Monitoring the Azure Portal and its services.
  • Monitoring the Azure Active Directory (Azure AD)

First of all it is necessary to configure a series of prerequisites (these may vary depending on what you are looking for): 


This is what you have been doing. In summary, this part gives the Wazuh Azure module access so that it can monitor the services, so it will depend on what you need.

Regarding your question about the difference between Microsoft Graph and Log Analytics:

  • Microsoft Graph is the gateway to data and intelligence in Microsoft 365. It provides a unified programmability model that you can use to access the tremendous amount of data in Microsoft 365, Windows, and Enterprise Mobility + Security. More info here.
  • Azure Log Analytics is a service that monitors your infrastructure offering query capabilities that allow you to perform advanced searches specific to your data.

Basically, you need to configure Microsoft Graph if you want to get logs from Azure AD, and use Log Analytics if you want to monitor activity and Azure services.

After you have followed the steps in our documentation for configuring credentials:

  2. You need to configure what you have chosen to monitor:
  • To monitor activity and services using Log Analytics, follow these steps.
  • To monitor Azure Active Directory, follow these steps.
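
A check for the configuration step described above, as an added example that is not part of the thread and not Wazuh's own code: this Python sketch lints the azure-logs wodle in ossec.conf text for the <log_analytics> and <graph> sections. The option names (auth_path, application_id, application_key, tenantdomain, request, query, workspace) are assumed from the Wazuh azure-logs wodle reference and should be confirmed for your version; the function names and all sample values are made up for the example.

```python
import xml.etree.ElementTree as ET
# Constructed sample with placeholder values (not taken from the thread).
SAMPLE_CONF = """
<ossec_config>
  <wodle name="azure-logs">
    <disabled>no</disabled>
    <log_analytics>
      <auth_path>/var/ossec/wodles/credentials/log_analytics_credentials</auth_path>
      <tenantdomain>example.onmicrosoft.com</tenantdomain>
      <request><query>AzureActivity</query></request>
    </log_analytics>
    <graph>
      <application_id>PLACEHOLDER_APP_ID</application_id>
      <request><query>auditLogs/directoryAudits</query></request>
    </graph>
  </wodle>
</ossec_config>
"""

def has_text(elem, tag):
    return bool((elem.findtext(tag) or "").strip())

def lint_azure_wodle(conf_text):
    # Returns a list of problems found in the azure-logs wodle sections.
    # ossec.conf may hold several <ossec_config> blocks, so wrap them in one root.
    root = ET.fromstring("<root>" + conf_text + "</root>")
    wodles = root.findall(".//wodle[@name='azure-logs']")
    if not wodles:
        return ["no azure-logs wodle found"]
    problems = []
    for wodle in wodles:
        if (wodle.findtext("disabled") or "").strip() == "yes":
            problems.append("wodle is disabled")
        for svc in ("log_analytics", "graph"):
            for sec in wodle.findall(svc):
                inline = has_text(sec, "application_id") and has_text(sec, "application_key")
                if not (has_text(sec, "auth_path") or inline):
                    problems.append(f"{svc}: no auth_path or application_id/application_key pair")
                if not has_text(sec, "tenantdomain"):
                    problems.append(f"{svc}: missing tenantdomain")
                requests = sec.findall("request")
                if not requests:
                    problems.append(f"{svc}: no request block")
                for req in requests:
                    if not has_text(req, "query"):
                        problems.append(f"{svc}: request without query")
                    if svc == "log_analytics" and not has_text(req, "workspace"):
                        problems.append("log_analytics: request without workspace")
    return problems
```

The lint only checks that the fields are present; it does not contact Azure or validate the credentials themselves.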

Funda Denoya

Sep 11, 2022, 10:55:56 PM
to Wazuh mailing list
Dear Nicolas,

I have already created Graph & Log Analytics.
Do I configure only one, or both?
When I check the log, I find an error in azure_logs.

Thank you very much.

Best Regards.