Hi,
Has anyone ever sent NetIQ Identity Manager logs to Microsoft Sentinel? Is it via syslog? Is there any documentation available on how to achieve this?
IDM uses CEF over Syslog as its audit protocol. See https://www.netiq.com/documentation/identity-manager-49/configure_auditing/data/identity-manager-set-up-cef-configuration.html on how to configure the components to send events to a syslog receiver.
Documentation on how to set up a syslog receiver for Microsoft Sentinel can be found here: https://learn.microsoft.com/en-us/azure/sentinel/cef-syslog-ama-overview?tabs=single
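To check what a syslog receiver actually gets from a CEF-over-syslog sender, here is an added example (not part of the original posts, and not NetIQ or Microsoft code) that parses one syslog line into its CEF header fields and extension pairs and rejects lines that are not CEF. The sample line, including its vendor and product names, is constructed.

```python
import re

HEADER = ("cef_version", "vendor", "product", "device_version",
          "event_class_id", "name", "severity")
EXT_KEY = re.compile(r"(?:^|\s)(\w+)=")  # key= at start or after whitespace

# Constructed sample line (placeholder vendor/product, not real IDM output).
SAMPLE = (r"<134>Mar  3 10:15:02 idm01 CEF:0|ExampleVendor|Example IDM|1.0|1001|"
          r"Password \| policy change|5|"
          r"suser=cn\=admin,ou\=sa,o\=system msg=Policy updated src=10.0.0.5")


def split_header(body):
    """Split on unescaped '|' into the 7 header fields; return (fields, extension)."""
    fields, cur, i = [], [], 0
    while i < len(body) and len(fields) < len(HEADER):
        ch = body[i]
        if ch == "\\" and body[i + 1:i + 2] in ("\\", "|"):
            cur.append(body[i + 1])  # \| and \\ stand for literal characters
            i += 2
            continue
        if ch == "|":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    if len(fields) < len(HEADER):  # end of line reached without a trailing '|'
        fields.append("".join(cur))
    return fields, body[i:]


def parse_cef(line):
    """Parse one syslog line carrying CEF; raise ValueError if it is not CEF."""
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("no CEF header in syslog message")
    fields, ext = split_header(line[start + 4:])
    if len(fields) != len(HEADER) or not fields[0].isdigit():
        raise ValueError("malformed CEF header")
    event = dict(zip(HEADER, fields))
    event["syslog_prefix"] = line[:start].strip()
    keys = list(EXT_KEY.finditer(ext))
    ends = [k.start() for k in keys[1:]] + [len(ext)]
    event["extension"] = {
        m.group(1): re.sub(r"\\([=\\])", r"\1", ext[m.end():end]).rstrip()
        for m, end in zip(keys, ends)
    }
    return event
```

Running `parse_cef` over lines captured on the receiver shows whether the sender's escaping of `|` and `=` survives transport, which matters for values such as LDAP-style DNs.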
Thanks, this is really helpful.