cisagov / LME

Logging Made Easy (LME) is a no cost, open source platform that centralizes log collection, enhances threat detection, and enables real-time alerting, helping small to medium-sized organizations secure their infrastructure.
https://www.cisa.gov/resources-tools/services/logging-made-easy

Ingesting Entra ID Logs into Elasticsearch #308

Open rgbrow1949 opened 6 months ago

rgbrow1949 commented 6 months ago

Part 2 of 2 for #246 (Part 1: #307 )

Once the JSON files have been exported, they need to be ingested into Elasticsearch as part of the LME install. Also, the exporter needs to be on a timer.


Identity logs are valuable and in LME 2.0, the rearchitecture will allow us to bring in new logs from Azure Active Directory.

We should look into ways to collect Entra logs and what infrastructure changes we would need to make to LME to do it.

Available tools:

Ethan Bowen's Export-AAD tool: https://github.com/25004/Export-AAD.git

Untitled Goose Tool: https://github.com/cisagov/untitledgoosetool
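One ingestion detail worth settling before the exporter goes on a timer is duplicate suppression: overlapping export windows will re-submit events already indexed. The added example below (not LME project code) builds an Elasticsearch `_bulk` body from an exported JSON array and uses each event's own `id` as the document `_id` with the `create` action, so a re-run rejects already-indexed events instead of duplicating them. The sample records, the `id`/`createdDateTime`/`userPrincipalName` field names and the index name are constructed assumptions; the real export format may differ.

```python
"""Build an Elasticsearch _bulk request body from an exported Entra ID JSON file.

Added example, not LME project code. Assumes the exporter writes a JSON array
of event objects, each with a unique "id" field (constructed here).
"""
import json

# Constructed sample export; NOT real Entra ID data, field names are assumed.
SAMPLE_EXPORT = [
    {"id": "evt-0001", "createdDateTime": "2024-05-01T12:00:00Z",
     "userPrincipalName": "alice@example.com", "status": {"errorCode": 0}},
    {"id": "evt-0002", "createdDateTime": "2024-05-01T12:05:00Z",
     "userPrincipalName": "bob@example.com", "status": {"errorCode": 50126}},
]


def to_bulk_lines(records, index="entra-signin"):
    """Return the NDJSON lines (action line, source line, ...) for _bulk.

    Using the event's own id as _id together with the 'create' action makes a
    scheduled re-run idempotent: Elasticsearch answers 409 for an _id that
    already exists instead of indexing a second copy, so overlapping export
    windows are safe to replay.
    """
    lines = []
    for rec in records:
        if "id" not in rec:
            raise ValueError("record has no id; cannot dedupe on re-ingest")
        lines.append(json.dumps({"create": {"_index": index, "_id": rec["id"]}}))
        lines.append(json.dumps(rec, separators=(",", ":")))
    return lines


def bulk_body(export_json_text, index="entra-signin"):
    """Parse the exported JSON array and return the complete _bulk body.

    The _bulk endpoint requires a newline after the last line, hence the
    trailing "\\n".
    """
    records = json.loads(export_json_text)
    if not isinstance(records, list):
        raise ValueError("expected a JSON array of events")
    return "\n".join(to_bulk_lines(records, index)) + "\n"


if __name__ == "__main__":
    # Send the printed body with Content-Type: application/x-ndjson to /_bulk.
    print(bulk_body(json.dumps(SAMPLE_EXPORT)), end="")
```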

rgbrow1949 commented 6 months ago

Adding myself as a watcher

safiuddinr commented 2 months ago

This is a 2.0+.