Unable to ingest SIEM Integration logs for Cloud Apps
Hi All,
We are trying to set up SIEM integration for Microsoft Defender for Cloud Apps using this https://learn.microsoft.com/en-gb/defender-cloud-apps/siem. We performed all the following steps but are not able to get the logs as mentioned in the official doc.
We are getting the below logs, which are not in line with the expected sample logs provided at https://learn.microsoft.com/en-us/defender-cloud-apps/siem:
Connecting socket to xyz.us2.portal.cloudappsecurity.com/52.184.165.82:443 with timeout 30000
"{"agentType":"MCAS_SIEM","version":"0.111.126","operationsStatus":[{"operationType":"forwardData","success":true,"messages":[],"operationId":"bgfzdefjdgl2axr5q3jlyxrlzd0xnze4ntmymzi5mdawjmxhc3rbbgvydelkpty2nmviogu5mdawmdawmdawmdawmdawma=="},{"operationType":"sleep","success":true,"messages":[]}]}"
Connection established 100.64.0.1:49261<->52.184.165.82:443
============
Connection established 100.64.0.1:63977<->52.184.165.82:443
http-outgoing-48: set socket timeout to 60000
{"agentType":"MCAS_SIEM","version":"0.111.126","operationsStatus":[{"operationType":"sleep","success":true,"messages":[]},{"operationType":"forwardData","success":true,"messages":[],"operationId":"bgfzdefjdgl2axr5q3jlyxrlzd0xnze4nzkynjmwmzgxjmxhc3rbbgvydelkpty2nzjhzme1mdawmdawmdawmdawmdawma=="}]}"
{"nextOperations":[{"type":"sleep","duration":300000},{"type":"forwardData","sourceDataUrl":"https://xyz.us2.portal.cloudappsecurity.com/api/v1/agents/siem/get_data/?lastActivityCreated=1718792915260&lastAlertId=6672b0d50000000000000000&operationId=bgfzdefjdgl2axr5q3jlyxrlzd0xnze4nzkyote1mjywjmxhc3rbbgvydelkpty2nzjimgq1mdawmdawmdawmdawmdawma==","operationId":"bgfzdefjdgl2axr5q3jlyxrlzd0xnze4nzkyote1mjywjmxhc3rbbgvydelkpty2nzjimgq1mdawmdawmdawmdawmdawma==","targetHost":"127.0.0.1","targetPort":"514","targetProtocol":"udp"}]}"
Can you please provide support on what changes we need to make to get the activity and alert logs?
Thank You
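Added example, not code from the post or from Microsoft's SIEM agent: a small Python checker that reads agent output of the shape pasted above, pulls the forwardData results and the target host/port/protocol the portal hands back in nextOperations, and lists the receiver-side points to verify when the agent reports success but nothing reaches the SIEM. The sample log is constructed from the post with the operationId values shortened to placeholders; the function names and finding texts are my own.

```python
import json

# Constructed sample built from the agent output pasted in the post
# (quotes normalised; operationId values shortened to placeholders).
SAMPLE_LOG = '''Connecting socket to xyz.us2.portal.cloudappsecurity.com/52.184.165.82:443 with timeout 30000
"{"agentType":"MCAS_SIEM","version":"0.111.126","operationsStatus":[{"operationType":"forwardData","success":true,"messages":[],"operationId":"OPID-1"},{"operationType":"sleep","success":true,"messages":[]}]}"
Connection established 100.64.0.1:49261<->52.184.165.82:443
{"nextOperations":[{"type":"sleep","duration":300000},{"type":"forwardData","sourceDataUrl":"https://xyz.us2.portal.cloudappsecurity.com/api/v1/agents/siem/get_data/?lastActivityCreated=1718792915260&lastAlertId=6672b0d50000000000000000&operationId=OPID-2","operationId":"OPID-2","targetHost":"127.0.0.1","targetPort":"514","targetProtocol":"udp"}]}
'''

def parse_agent_json(text):
    """Yield the JSON objects the agent logs; socket chatter and broken lines are skipped."""
    for line in text.splitlines():
        line = line.strip().strip('"')  # the paste wraps some JSON lines in stray quotes
        if line.startswith("{"):
            try:
                yield json.loads(line)
            except json.JSONDecodeError:
                pass  # truncated or non-JSON line, ignore it

def summarize(text):
    """Count forwardData outcomes and collect the targets the portal tells the agent to use."""
    s = {"forward_ok": 0, "forward_failed": 0, "targets": [], "sleep_ms": []}
    for obj in parse_agent_json(text):
        for st in obj.get("operationsStatus", []):
            if st.get("operationType") == "forwardData":
                s["forward_ok" if st.get("success") else "forward_failed"] += 1
        for op in obj.get("nextOperations", []):
            if op.get("type") == "sleep":
                s["sleep_ms"].append(op["duration"])
            elif op.get("type") == "forwardData":
                s["targets"].append((op["targetHost"], int(op["targetPort"]), op["targetProtocol"].lower()))
    return s

def diagnose(s):
    """Receiver-side checks to make when the agent says success but the SIEM shows no CEF events."""
    findings = []
    for host, port, proto in sorted(set(s["targets"])):
        if host.lower() == "localhost" or host.startswith("127.") or host == "::1":
            findings.append(f"target {host}:{port} is loopback: the syslog receiver must listen on the agent host itself")
        if proto == "udp":
            findings.append(f"target {host}:{port} uses UDP: success means datagrams were sent, not that a listener received them")
        if port < 1024:
            findings.append(f"port {port} is privileged on Linux: the receiver needs rights to bind it")
    if s["forward_ok"] and not s["forward_failed"]:
        findings.append("no forwardData failure reported: check the listener, host firewall and SIEM data source, not the agent")
    return findings
```

Run it against the agent's real output (with the curly quotes replaced by straight ones) to confirm where the agent is actually sending; on the target host, a packet capture or a test UDP listener on that port then shows whether the CEF lines arrive.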