Chapter 7 Security incident and event management (SIEM) integration with Splunk

In this chapter you will learn how to integrate Azure Security Center with Splunk so that information gathered by Azure Security Center can be integrated into your on-premises Splunk deployments.

Figure 7-1 provides a high-level view of the overall architecture of the solution. The key enabling features for the solution include Azure Event Hubs, Azure Monitor, and a Security incident and event management (SIEM) connector add-on that enables the SIEM to poll the event hub to bring the information into the on-premises SIEM.
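To make the polling path concrete, here is an added example (not code from the book, from Microsoft, or from the Splunk add-on) of the work the SIEM connector does once it has read a message from the event hub: unwrap the Azure Monitor message envelope, convert each record into a Splunk HTTP Event Collector (HEC) event, and discard records the hub redelivers, since event hub consumption is at-least-once and a re-read offset otherwise produces duplicate alerts in the SIEM. The record fields, resource IDs, the `azure:securitycenter` sourcetype and the dedup key are assumptions made for this example; the `{"records": [...]}` envelope and the HEC `time`/`host`/`source`/`sourcetype`/`event` fields are the documented formats.

```python
import json
from datetime import datetime, timezone

# Assumed sourcetype name; use whatever your Splunk add-on and props.conf expect.
SOURCETYPE = "azure:securitycenter"


def parse_azure_time(value):
    """Convert an Azure Monitor ISO 8601 UTC timestamp to epoch seconds.

    Azure frequently emits 7 fractional digits ("...00.1234567Z"), which
    datetime.fromisoformat() rejects on older Python versions, so the
    fraction is normalised to microseconds by hand.
    """
    if not value.endswith("Z"):
        raise ValueError("expected a UTC timestamp ending in Z: %r" % value)
    base, _, fraction = value[:-1].partition(".")
    micros = int((fraction + "000000")[:6]) if fraction else 0
    dt = datetime.strptime(base, "%Y-%m-%dT%H:%M:%S").replace(
        microsecond=micros, tzinfo=timezone.utc)
    return dt.timestamp()


def parse_event_hub_body(body):
    """Return the list of log records carried by one event hub message."""
    payload = json.loads(body)
    if isinstance(payload, dict) and "records" in payload:
        return payload["records"]        # Azure Monitor diagnostic export shape
    if isinstance(payload, list):
        return payload                   # some senders post a bare array
    raise ValueError("unrecognised event hub message shape")


def to_hec_event(record):
    """Wrap one record in the Splunk HEC JSON envelope."""
    return {
        "time": parse_azure_time(record["time"]),
        "host": record.get("resourceId", "unknown"),
        "source": "azure:eventhub",
        "sourcetype": SOURCETYPE,
        "event": record,
    }


class Connector:
    """Minimal stand-in for the SIEM connector's poll loop with dedup."""

    def __init__(self):
        self._seen = set()
        self.dropped = 0

    @staticmethod
    def _key(record):
        # Assumed dedup key: time + resource + operation identify one record.
        return (record.get("time"), record.get("resourceId"),
                record.get("operationName"))

    def poll(self, bodies):
        """Process a batch of message bodies; return new HEC events only."""
        events = []
        for body in bodies:
            for record in parse_event_hub_body(body):
                key = self._key(record)
                if key in self._seen:
                    self.dropped += 1       # redelivered record, do not forward
                    continue
                self._seen.add(key)
                events.append(to_hec_event(record))
        return events


# Constructed sample records (field names and values are made up for this example).
_ALERT_VM1 = {
    "time": "2020-01-15T10:00:00.0000000Z",
    "resourceId": "/SUBSCRIPTIONS/EXAMPLE-SUB/RESOURCEGROUPS/RG1/PROVIDERS/MICROSOFT.COMPUTE/VIRTUALMACHINES/VM1",
    "operationName": "ExampleAlert",
    "category": "SecurityAlert",
    "properties": {"severity": "High", "description": "constructed alert"},
}
_ALERT_VM2 = dict(_ALERT_VM1, time="2020-01-15T10:00:05.123Z",
                  resourceId=_ALERT_VM1["resourceId"].replace("VM1", "VM2"))

SAMPLE_BODIES = [
    json.dumps({"records": [_ALERT_VM1, _ALERT_VM2]}),
    json.dumps({"records": [_ALERT_VM1]}),   # second poll redelivers VM1's record
]


def run_sample():
    """Run two polls over the constructed bodies; return (hec_events, dropped)."""
    connector = Connector()
    events = connector.poll(SAMPLE_BODIES)
    return events, connector.dropped


if __name__ == "__main__":
    hec_events, dropped = run_sample()
    print(json.dumps(hec_events, indent=2))
    print("dropped duplicates:", dropped)
```

In a real deployment the `bodies` list is what the add-on receives from its event hub consumer for one partition and checkpoint interval, and the dedup set would be bounded (for example keyed by partition offset and expired by time) rather than growing forever.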

[Figure 7-1: a diagram showing a high-level view of the overall architecture of the Azure Security Center and Splunk integration solution.]

FIGURE 7-1 A high-level view of the overall ...
