With the rapid adoption of cloud services in businesses around the world, it's crucial that your security monitoring solution also keeps up. This article focuses on Azure Cloud with a step-by-step guide on how to integrate IBM QRadar with Azure Active Directory.
Not many years ago, we enrolled customers who only had on-premises systems, where we collected logs the old-fashioned way. Nowadays we see cloud-only and hybrid customers who need to consolidate their logs in one solution.
Azure offers a set of integration capabilities for third-party SIEM systems; in this article we cover Azure Event Hubs. We have chosen this method because IBM QRadar ships with a protocol to connect to Azure Event Hubs and a DSM to parse Azure Active Directory logs.
Guide on how to integrate Azure AD with QRadar
You can find the instructions needed to integrate Azure AD with QRadar on Google, if you're willing to invest some time and patience. However, you will easily find yourself spending more time than feels necessary to get these integrations up and running. With this as a motivator, this guide to integrating Azure AD with QRadar was created. Other Azure services also support streaming to Event Hubs, so with small adjustments the guide can be used for integrations other than just Azure Active Directory.
Download Guide: Integrating Azure AD with QRadar (pdf)
The guide is intended to help speed up the integrations, for the benefit of both customers and partners. Download your own copy from the link below!
If you like what you read, please follow us on LinkedIn to receive news of future technical guides and articles.