GitLab connector for Microsoft Sentinel
The GitLab connector allows you to easily connect your GitLab (GitLab Enterprise Edition - Standalone) logs with Microsoft Sentinel. This gives you more security insight into your organization's DevOps pipelines.
This is autogenerated content. For changes, contact the solution provider.
Connector attributes
Connector attribute | Description |
---|---|
Log Analytics table(s) | Syslog (GitlabAccess), Syslog (GitlabAudit), Syslog (GitlabApp) |
Data collection rules support | Workspace transform DCR |
Supported by | Microsoft Corporation |
Query samples
GitLab Application Logs
```kusto
GitLabApp
| sort by TimeGenerated
```
GitLab Audit Logs
```kusto
GitLabAudit
| sort by TimeGenerated
```
GitLab Access Logs
```kusto
GitLabAccess
| sort by TimeGenerated
```
Vendor installation instructions
Configuration
To work as expected, this data connector depends on three parsers, each based on a Kusto function: GitLab Access Logs, GitLab Audit Logs, and GitLab Application Logs. These parsers are deployed with the Microsoft Sentinel solution.
- Install and onboard the agent for Linux
  Typically, you should install the agent on a different computer from the one on which the logs are generated.
  Syslog logs are collected only from Linux agents.
- Configure the logs to be collected
  Configure the facilities you want to collect and their severities.
  - Under workspace advanced settings Configuration, select Data and then Syslog.
  - Select Apply below configuration to my machines and select the facilities and severities.
  - Click Save.
Next steps
For more information, go to the related solution in the Azure Marketplace.