{"id":20666167,"url":"https://github.com/hazcod/tail2sen","last_synced_at":"2026-03-03T03:37:18.892Z","repository":{"id":209604217,"uuid":"724482855","full_name":"hazcod/tail2sen","owner":"hazcod","description":"Go program that fetches Tailscale audit \u0026 network logs to ingest into Microsoft Sentinel SIEM.","archived":false,"fork":false,"pushed_at":"2025-04-04T06:53:52.000Z","size":140,"stargazers_count":2,"open_issues_count":1,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-04-04T07:34:08.383Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/hazcod.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-11-28T07:01:12.000Z","updated_at":"2025-04-04T06:53:50.000Z","dependencies_parsed_at":"2024-01-17T08:49:38.937Z","dependency_job_id":"34dc7165-d557-4031-acb5-30b54ef21d7a","html_url":"https://github.com/hazcod/tail2sen","commit_stats":null,"previous_names":["hazcod/tail2sen"],"tags_count":17,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hazcod%2Ftail2sen","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hazcod%2Ftail2sen/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hazcod%2Ftail2sen/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hazcod%2Ftail2sen/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/hazcod","download_url":"https://codeload.github.com/hazcod/tail2sen/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":249740174,"owners_count":21318680,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-16T19:35:41.739Z","updated_at":"2026-03-03T03:37:18.820Z","avatar_url":"https://github.com/hazcod.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# tail2sentinel\n\nA Go program that exports Tailscale network logs and events to Microsoft Sentinel SIEM.\nTwo tables are used; `TailscaleAudit` for audit logs and `TailscaleNetwork` for network logs.\n\n## Running\n\nFirst create a yaml file, such as `config.yml`:\n```yaml\nlog:\n  level: INFO\n\nmicrosoft:\n  app_id: \"\"\n  secret_key: \"\"\n  tenant_id: \"\"\n  subscription_id: \"\"\n  \n  audit_output:\n      resource_group: \"\"\n      workspace_name: \"\"\n    \n      dcr:\n        endpoint: \"\"\n        rule_id: \"\"\n        stream_name: \"\"\n    \n      expires_months: 6\n      update_table: false\n      \n    network_output:\n      resource_group: \"\"\n      workspace_name: \"\"\n\n      dcr:\n        endpoint: \"\"\n        rule_id: \"\"\n        stream_name: \"\"\n\n      expires_months: 6\n      update_table: false\n\ntailscale:\n  tailnet: \"\"\n  client_id: \"\"\n  client_secret: \"\"\n  lookback_days: 30\n```\n\nAnd now run the program from source code:\n```shell\n% make\ngo run ./cmd/... -config=dev.yml\nINFO[0000] shipping logs                                 module=sentinel_logs table_name=TailscaleLogs total=82\nINFO[0002] shipped logs                                  module=sentinel_logs table_name=TailscaleLogs\nINFO[0002] successfully sent logs to sentinel            total=82\n```\n\nOr binary:\n```shell\n% tail2sen -config=config.yml\n```\n\n## Building\n\n```shell\n% make build\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhazcod%2Ftail2sen","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhazcod%2Ftail2sen","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhazcod%2Ftail2sen/lists"}