Analyzing Azure DevOps auditing streams in your SIEM of choice

Azure DevOps is the cornerstone of CI/CD Pipelines (amongst other DevOps capabilities…) for a lot of organizations that want to optimize workload build and release processes. In the growing domain of cyber-attacks, hackers are targeting the user’s identity far more than they try to break in through traditional network layers. SIEM (Security Incident and Event Management Tool) solutions allow for analyzing this data and providing reactive protection mechanisms, as well as analytical insights. Auditing Streams for Azure DevOps allow organizations to capture audit logs and have them analyzed by your trusted SIEM solution. Within Azure, the core services helping in providing this auditing stream are Azure Monitor, Azure Sentinel and Azure EventGrid. But you are not limited to using Azure services for this, as it is perfectly doable to shift these auditing logs to external solutions like Splunk.

In this session, Peter De Tender, Azure Technical Trainer at Microsoft with a focus on Architecture and DevOps together with James Cook, Cloud and DevOps blogger with background experience in education and fintech will guide you through the core architectural design in Azure to establish Azure DevOps auditing, detailing the capabilities of Auditing Streams (currently in preview) and how it can be beneficial for your organization. And as typical in Peter’s sessions, this will be spiced up with compelling demos and room for Q&A.