title | description | author | ms.topic | ms.date | ms.service | ms.author | ms.collection |
---|---|---|---|---|---|---|---|
GitLab connector for Microsoft Sentinel | Learn how to install the connector GitLab to connect your data source to Microsoft Sentinel. | cwatson-cat | how-to | 04/26/2024 | microsoft-sentinel | cwatson | sentinel-data-connector |
The GitLab connector allows you to easily connect your GitLab (GitLab Enterprise Edition - Standalone) logs with Microsoft Sentinel. This gives you more security insight into your organization's DevOps pipelines.
This is autogenerated content. For changes, contact the solution provider.
Connector attribute | Description |
---|---|
Log Analytics table(s) | Syslog (GitlabAccess), Syslog (GitlabAudit), Syslog (GitlabApp) |
Data collection rules support | Workspace transform DCR |
Supported by | Microsoft Corporation |
GitLab Application Logs

```kusto
GitLabApp
| sort by TimeGenerated
```

GitLab Audit Logs

```kusto
GitLabAudit
| sort by TimeGenerated
```

GitLab Access Logs

```kusto
GitLabAccess
| sort by TimeGenerated
```

Configuration
To work as expected, this data connector depends on three parsers, each based on a Kusto function: GitLab Access Logs, GitLab Audit Logs and GitLab Application Logs. They are deployed with the Microsoft Sentinel solution.
- Install and onboard the agent for Linux

  Typically, you should install the agent on a different computer from the one on which the logs are generated.

  Syslog logs are collected only from Linux agents.

- Configure the logs to be collected

  Configure the facilities you want to collect and their severities.

  - Under workspace advanced settings Configuration, select Data and then Syslog.
  - Select Apply below configuration to my machines and select the facilities and severities.
  - Click Save.

For more information, go to the related solution in the Azure Marketplace.