Entra ID sign in/audit logs custom rules


håkon haakensen

Nov 18, 2024, 7:48:04 AM
to Wazuh | Mailing List
Hi Team! 
I have made a custom ingestion pipeline to ingest Entra ID sign-in logs/audit logs to Wazuh. Before I make my own rules to trigger on these events, I was wondering if someone already did it and might have posted the rules somewhere?
I have searched around, but can't seem to find any rules related to Entra ID sign-in/audit.

malena...@wazuh.com

Nov 18, 2024, 9:26:21 AM
to Wazuh | Mailing List
Hello Hakon!
Wazuh has no rules or decoders to generate events from EntraID logs. However, I have found this decoder and rules made by a user:
https://github.com/yunusmrcoban/wazuh-custom/blob/main/EntraID/EntraID_decoder.xml

It is important to clarify that this documentation is not official; we have neither tested nor analyzed it. It is your responsibility to use them.

I hope you find them useful. Good luck!

håkon haakensen

Nov 21, 2024, 4:28:26 AM
to Wazuh | Mailing List
Thank you! I will look into that.