OLD WIKI STEPS FOR SIEM SETUP ON AZURE - Pratiksha-Marane/duplo-docs GitHub Wiki

This document describes how to set up SIEM on an Azure-based Duplo portal.

Repo: https://github.com/duplocloud-internal/duplo-templates/tree/main

  1. Create a "compliance" tenant under the default infra.

  2. Deploy the template siem/master/azure/siem-template-azure.json using scribe.

  3. Get the IP of the SIEM host deployed in step 2 and update the reverse proxy.

  4. Create a new tenant in the user infra.

  5. Deploy the agent using the template siem/agents/ossec-dockernative.json as a daemon set under the new tenant.

Note: Create a tenant per infra and deploy the daemon set under it.