Azure & Office 365, Oh My

Is there a "good" way to ingest logs from Azure, Azure AD and/or Office 365 via Logstash? I have just been handed these requirements.

I started working on this issue with Microsoft's Cloud App Security logs last week. I'm not sure about other Microsoft log sources, but CAS logs are exported in CEF format. As of right now, I'm looking at parsing CAS logs via a Logstash pipeline.

I'll post an update here as soon as I have something to share.
