Learn more about the Azure Event Hub standard data source and content pack in Cortex XSIAM.
You can configure the collection of Azure Event Hub logs using either a standard data source or a content pack:
| Azure Event Hub vendor | Description |
|---|---|
| Standard data source overview | Forward different types of logs to Cortex XSIAM from Azure Event Hub using the Microsoft Azure Event Hub data source. |
| Link to standard data source instructions | The following types of logs can be ingested from Azure Event Hub: For more information, see Ingest logs from Microsoft Azure Event Hub. |
| Link to content pack details | Azure Logs: Use this content pack to ingest and normalize various Azure logs to the Cortex Data Model (XDM) schema, including Azure Entra ID events ingested via the Office 365 data source, and Azure Logs ingested via the Microsoft Azure Event Hub data source. It includes modeling and parsing rules for log normalization. |