Microsoft Cloud App Security Integration Guide
Microsoft Cloud App Security is a Cloud Access Security Broker (CASB) that supports various deployment modes, such as log collection, API connectors, and reverse proxy. It provides rich visibility, control over data travel, and sophisticated analytics to identify and combat cyberthreats across all your Microsoft and third-party cloud services.
This document describes the steps to integrate Microsoft Cloud App Security with your WatchGuard Firebox.
Platform and Software
The hardware and software used to complete the steps outlined in this document include:
- Microsoft Cloud App Security Cloud
- WatchGuard Firebox
- Fireware v12.5.7
Test Topology
Set Up Microsoft Cloud App Security
- Log in to Microsoft Cloud App Security.
- Select Settings > Log collectors.
- On the Data sources tab, click Add data source.
- In the Name text box, type the data source name.
- From the Source drop-down list, select WatchGuard XTM.
- From the Receiver type drop-down list, select Syslog - UDP.
- Click Add.
- Select the Log collectors tab.
- Click Add log collector.
- In the Name text box, type the log collector name.
- In the Host IP address or FQDN text box, type the log collector server IP address.
- In the Data source(s) text box, select the data source you added.
- Click Create.
- Follow the guide to deploy the log collector server.
- Click Close.
Set Up Firebox
- Log in to Fireware Web UI (https://<your firebox IP address>:8080).
- Select System > Logging.
The Logging page opens.
- Select the Syslog Server tab.
- Select the Send log messages to these syslog servers check box.
- Click Add.
The Syslog Server dialog box opens.
- In the IP Address text box, type the IP address of your log collector server.
- In the Port text box, type 514.
- From the Log Format drop-down list, select IBM LEEF.
- Do not change the default values for the other Syslog Server settings.
- Click OK.
- Click Save.
You can configure logging in many locations in the Firebox configuration, such as policies and proxies. Make sure you select Send a log message when you want the Firebox to generate a log message for an event.
Test the Integration
- Log in to Microsoft Cloud App Security.
- Select Settings > Governance log.
- Confirm that the status for Parse Cloud Discovery log is Successful.
- Select Discover > Cloud Discovery.
- Confirm that the integration was successful.
In the default firewall configuration state, with no proxy policies and no traffic through the Firebox, you might see the message "Failed, Log format does not match the expected format for WATCHGUARD_XTM_SYSLOG" in the governance log. You can safely ignore this message.
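When the governance log reports a format problem, it helps to check on the log collector host whether the datagrams arriving on UDP port 514 carry a LEEF header, as the IBM LEEF setting above should produce. The following is an added example, not WatchGuard or Microsoft code: it parses syslog payloads for a LEEF 1.0 or 2.0 header and counts how many match. The sample datagrams are constructed, and their hostname, vendor and product strings, event ID and attribute names are assumptions.

```python
import re

# Optional syslog prefix, then the pipe-delimited LEEF header.
LEEF_RE = re.compile(
    r"LEEF:(?P<leef>1\.0|2\.0)\|(?P<vendor>[^|]*)\|(?P<product>[^|]*)"
    r"\|(?P<version>[^|]*)\|(?P<event_id>[^|]*)\|(?P<rest>.*)$", re.S)
HEX_DELIM = re.compile(r"(?:0x|x)([0-9A-Fa-f]{1,4})")

def parse_leef(payload: bytes):
    """Return LEEF header fields plus attributes, or None if there is no LEEF header."""
    text = payload.decode("utf-8", errors="replace").rstrip("\r\n\x00")
    m = LEEF_RE.search(text)
    if m is None:
        return None
    event = {k: m.group(k) for k in ("leef", "vendor", "product", "version", "event_id")}
    rest, delim = m.group("rest"), "\t"          # LEEF 1.0 attributes are tab-separated
    if event["leef"] == "2.0" and "|" in rest:   # LEEF 2.0 may name its own delimiter
        spec, _, rest = rest.partition("|")
        hexm = HEX_DELIM.fullmatch(spec)
        if hexm:
            delim = chr(int(hexm.group(1), 16))  # hex form such as x09 or 0x5E
        elif len(spec) == 1:
            delim = spec                         # literal single character such as ^
    attrs = {}
    for pair in rest.split(delim):
        key, sep, value = pair.partition("=")
        if sep and key.strip():
            attrs[key.strip()] = value
    event["attrs"] = attrs
    return event

def summarize(payloads):
    """Count datagrams that carry a LEEF header versus everything else."""
    counts = {"leef": 0, "other": 0}
    for p in payloads:
        counts["leef" if parse_leef(p) else "other"] += 1
    return counts

# Constructed sample datagrams, not captured Firebox output (see assumptions above).
SAMPLES = [
    b"<140>Jan 10 10:15:02 Firebox-Example LEEF:1.0|WatchGuard|XTM|12.5.7|EXAMPLE0001|"
    b"src=10.0.1.20\tdst=203.0.113.10\tdstPort=443\tproto=tcp",
    b"<140>Jan 10 10:15:03 Firebox-Example firewall: Allow 10.0.1.20 203.0.113.10",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(parse_leef(sample))
    print(summarize(SAMPLES))
```

A high "other" count for payloads captured at the collector points to a syslog server entry on the Firebox that is not set to IBM LEEF.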