Azure Log Integration for ArcSight - Multiple JSON parsers?
While following the documentation for Azure log integration with SIEM (link), I've created a JSON connector and added the AzureRM JSON parser. This works great, but RM only parses the Resource Manager itself.
I wanted to make sure that, next to the Resource Manager information, the other information (AD and Security Center) would also get into our SIEM.
Although writing a parser would not be a big problem, the issue I'm experiencing is that I need to create multiple "JSON Flex Connectors", instead of being able to use 1 software connector that can read multiple directories and parse them using multiple JSON parsers for the specific files.
Does anyone else experience this issue and/or have a solution for this?
Thank you in advance.
I've been creating some flexparsers, but do you know if there are any supported versions for Security Center or AD?
Do you have any flexparsers available?
I even tried to install the flex connector for JSON files from Azure, following the link https://blogs.msdn.microsoft.com/azuresecurity/2016/08/23/azure-log-siem-configuration-steps/
Whenever any new JSON file arrives in the folder, I receive an update:
1. File processing started
2. File processing ended: Success
But I can't find any Azure events.
Please suggest if I'm missing anything.
These posts are quite old now, so the information is a bit out of date.
It is highly recommended that users of Azure utilize Event Hubs, not only for SIEM; in general, all new Azure log collection happens on this layer.
It is possible to configure any/most of the Azure products and applications, including AD, to log towards one or more Event Hubs, to which you can then connect the connectors.
For connector specific information, please refer to the relevant documentation:
All topics and replies made are based on my personal opinion, viewpoint and experience; they do not represent the viewpoints of MicroFocus.
All replies are based on best effort, and cannot be taken as official support replies.