Integrating the F5 BIGIP with Azure Sentinel

So here’s the deal; I have a few F5 BIG-IP VEs deployed across the globe protecting my cloud-hosted applications. It sure would be nice if there was a way to send all that event and statistical data ...
Published Jun 12, 2019
Version 1.0
application delivery
ASM Advanced WAF
Azure
cloud
Greg_Coward's avatar
Greg_Coward
Icon for Employee rankEmployee
Oct 11, 2019

Hello Roberto,

 

My apologies for the delayed response. Below is a sample of the JSON I believe you are looking for to hookup TS streaming with an Azure workspace. This sample should follow the above walk-through. With that said, Azure has now migrated from dashboards to azure workbooks. The workbooks can be found out https://portal.azure.com/?feature.workbooks=true

 

 {

   "class": "Telemetry",

   "controls": {

     "class": "Controls",

     "logLevel": "info"

   },

   "My_Poller": {

     "class": "Telemetry_System_Poller",

     "interval": 60

   },

   "My_Listener": {

     "class": "Telemetry_Listener",

     "port": 6514

   },

   "My_Consumer": {

     "class": "Telemetry_Consumer",

     "type": "Azure_Log_Analytics",

     "workspaceId": "<INSERT WORKSPACE ID>",

     "passphrase": {

       "cipherText": "<INSERT PRIMARY KEY>"

     }

   }

 }