Ingesting logs from Identity Cloud in Azure

Hello All,

We are in the initial phases of setting up FR Identity Cloud and would like to ingest the audit logs into our Azure tenant. Has anyone here ingested logs into the Azure platform? If yes, which component did you use in Azure? Thank you.

You can ingest the logs into Sentinel via the REST API option. You can then configure that tool to alert on anything you want. You will have to incur a cost to ingest the logs, so I would advise you to tune this quite a bit, as I have seen very large ingest bills because of this configuration. Unfortunately there is no standard SIEM integration that follows industry standards, which would be helpful in ensuring easy integration and cost-effective log storage.

1 Like

I ingest the audit logs from my on-prem ForgeRock Platform into Azure, using the REST API (Azure Monitor HTTP Data Collector API - Azure Monitor | Microsoft Learn), which I have just discovered is now deprecated. Apparently the Logs Ingestion API is the replacement now: https://learn.microsoft.com/en-us/azure/azure-monitor/logs/logs-ingestion-api-overview

However, I don’t think FR Identity Cloud can directly send logs to Azure; you might need to build something to read the audit logs from Identity Cloud and forward them on to Azure: Get audit and debug logs :: ForgeRock Identity Cloud Docs

1 Like
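A sketch of the middle of such a forwarder, added here as an example and not code from any poster, ForgeRock or Microsoft: it filters a fetched page of Identity Cloud log entries down to the sources worth paying to ingest, then packs them into size-bounded JSON bodies to POST to the Logs Ingestion API. Assumptions: the page shape (`result`, `pagedResultsCookie`), the kept sources, the 1 MB body limit, and the column names other than `TimeGenerated` are illustrative; fetching and the authenticated POST are left out.

```python
import json

# Constructed page, shaped like a response from the Identity Cloud logs
# endpoint (assumed shape: a "result" list plus a "pagedResultsCookie").
SAMPLE_PAGE = {
    "result": [
        {"timestamp": "2024-01-01T10:00:00Z", "source": "am-authentication",
         "payload": {"eventName": "AM-LOGIN-COMPLETED", "result": "FAILED"}},
        {"timestamp": "2024-01-01T10:00:01Z", "source": "am-access",
         "payload": {"eventName": "AM-ACCESS-OUTCOME"}},
        {"timestamp": "2024-01-01T10:00:02Z", "source": "idm-activity",
         "payload": "plain-text line"},
    ],
    "pagedResultsCookie": "constructed-cookie",
}
KEEP_SOURCES = {"am-authentication", "idm-activity"}  # hypothetical tuning choice
MAX_BODY_BYTES = 1_000_000  # assumed per-call body limit; check current Azure limits

def dumps_compact(obj):
    return json.dumps(obj, separators=(",", ":"), sort_keys=True)

def select_records(page, keep_sources=KEEP_SOURCES):
    """Drop sources nobody alerts on, then flatten to custom-table columns."""
    out = []
    for entry in page.get("result", []):
        if entry.get("source") not in keep_sources:
            continue  # never sent, so never billed
        payload = entry.get("payload")
        if not isinstance(payload, dict):  # plain-text entries: wrap, don't crash
            payload = {"message": str(payload)}
        out.append({"TimeGenerated": entry["timestamp"], "Source": entry["source"],
                    "EventName": payload.get("eventName", ""), "RawData": dumps_compact(payload)})
    return out

def batch_records(records, max_bytes=MAX_BODY_BYTES):
    """Split records into JSON-array request bodies of at most max_bytes each."""
    batches, current, size = [], [], 2  # 2 bytes for the enclosing brackets
    for rec in records:
        rec_size = len(dumps_compact(rec).encode("utf-8")) + 1  # +1 for the comma
        if rec_size + 2 > max_bytes:
            raise ValueError("single record exceeds max_bytes")
        if current and size + rec_size > max_bytes:
            batches.append(dumps_compact(current))
            current, size = [], 2
        current.append(rec)
        size += rec_size
    if current:
        batches.append(dumps_compact(current))
    return batches
```

Filtering before upload is where the ingest bill is controlled: anything dropped in `select_records` never reaches the workspace.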

Thanks