Technology
Which Data Sources Can Be Used by Microsoft Azure Sentinel?
For the majority of organizations and businesses in today’s digital landscape, data security is paramount for cloud infrastructures. Also known as cybersecurity among IT professionals and system administrators, safeguarding critical systems and sensitive information from digital threats can be complicated and complex since it often involves large-scale and resource-intensive solution deployment. This does not mean that data security is out of reach, but corporations and organizations alike need to do their due diligence when deciding on a cloud-native security solution. This company can help.
If you are a business or large corporation that is finding cloud and data management to be a complex and arduous task, Microsoft Azure Sentinel is here to help. When you need to deal with operational processes, surfacing insights at scale, or investigating incidents, Microsoft Azure Sentinel is one of the top solutions for security at all levels for the modern enterprise and for mid-size businesses that are rapidly growing.
What Is Microsoft Azure Sentinel?
To better understand what data sources can be used by Microsoft Azure Sentinel, it’s fundamental to understand what Azure Sentinel is and how it operates.
The software consists of the following:
- Security Information and Event Management (SIEM)
- Security Orchestration, Automation, and Response (SOAR)
Microsoft Azure Sentinel is a cloud-native and scalable solution that delivers threat intelligence and security analytics across an organization. It offers a single control center dedicated to proactive hunting, threat response, alert detection, and threat visibility. With advanced SIEM/SOAR features and capabilities, Azure Sentinel keeps organizations protected and secured against a variety of cyber threats and attacks.
It also collects data at a large scale from different infrastructures, users, applications, and devices—both on-premises and in the cloud. Azure Sentinel ensures that security in Azure is more accessible and more scalable to manage. With modern AI and security innovations at its disposal, an organization’s IT infrastructure can benefit from real-time intelligent security analytics.
This allows IT professionals and system administrators to:
- Collect valuable data (whether on-premise or via cloud sources)
- Detect security risks using threats intelligence and analytical tools
- Respond more efficiently with automation and built-in processes
- Investigate suspicious activity with artificial intelligence (AI)
Safeguarding Enterprise Data
Being able to analyze large volumes of data across enterprise operations is a strategic advantage that Azure Sentinel is known for. With its aggregator capability, it can collect and compile data from every accessible source, such as system users, applications, servers, and devices that run on-premise or in the cloud. Furthermore, it includes built-in connectors for easy onboarding of popular security solutions.
Onboarding Microsoft Sentinel for Your Enterprise or Business
To initiate the onboarding process, you first need to connect your data sources. Azure Sentinel has many connectors for Microsoft solutions that are available out-of-the-box and provide real-time integration.
Some of these connectors include the following:
- Microsoft 365 Defender, Microsoft Defender for Cloud, Office 365, and Microsoft Defender for IoT
- Azure Active Directory, Azure Activity, Azure Storage, Azure Key Vault, and Azure Kubernetes service
After the Onboarding Process
Once the onboarding process is complete and integrated with your company’s workspace, you can utilize data connectors to start inputting your data into Azure Sentinel.
For example, if you want a service-to-service connector that integrates data from Office 365, you can use Microsoft 365 Defender, Azure Active Directory (Azure AD), Microsoft Defender for Identity, and Microsoft Defender for Cloud Applications.
Azure Data Sources
This data table lists supported Azure and third-party data source schemas.
| Type | Data Source | Log Analytics Tablename |
|---|---|---|
| Azure | Azure Active Directory | SigninEvents |
| Azure | Azure Active Directory | AuditLogs |
| Azure | Azure Active Directory | AzureActivity |
| Azure | Office | OfficeActivity |
| Azure | Azure Key Vault | AzureDiagnostics |
| Host | Linux | Syslog |
| Network | IIS Logs | W3CIISLog |
| Network | VMinsights | VMConnection |
| Network | Wire Data Solution | WireData |
| Network | NSG Flow Logs | AzureNetworkAnalytics |
Vendor Data Sources from Third Parties
The following table lists supported third-party vendors and their Syslog or Common Event Format (CEF)-mapping documentation for various supported log types, which contain CEF field mappings and sample logs for each category type.
| Type | Vendor | Product | Log Analytics Tablename |
|---|---|---|---|
| Network | Palo Alto | PAN OS | CommonSecurityLog |
| Network | Check Point | ALL | CommonSecurityLog |
| Network | Fortigate | ALL | CommonSecurityLog |
| Network | Barracuda | Web Application Firewall | CommonSecurityLog |
| Network | Cisco | ASA | CommonSecurityLog |
| Network | Cisco | Firepower | CommonSecurityLog |
| Network | Cisco | Umbrella | CommonSecurityLog |
| Network | Cisco | Meraki | CommonSecurityLog |
| Network | Zscaler | Nano Streaming Service (NSS) | CommonSecurityLog |
| Network | F5 | BigIP LTM | CommonSecurityLog |
| Network | F5 | BigIP LTM | CommonSecurityLog |
| Network | Citrix | Web App Firewall | CommonSecurityLog |
| Host | Symantec | Symantec Endpoint Protection Manager (SEPM) | CommonSecurityLog |
| Host | TrendMicro | All | CommonSecurityLog |
Data Collection Best Practices & Recommendations
- If you are unsure which data connectors will best serve your digital security framework, start by enabling all free data connectors
- Regarding your partner and custom data connectors, begin first by configuring Syslog and CEF connectors (with the highest priority first), including other Linux-based devices
- If at some point your data ingestion becomes too expensive, stop or filter the logs forward utilizing Azure Monitor Agent
The Best Instagram Profile Picture Zooming Tool in 2023
Google launches new generative AI functions for search to rival Microsoft’s Bing
Get back Hurdling in Fortnite: Fortnite to get back Hurdling in Chapter 5 Season 1.
Baldur’s Gate 3: All Astarion Endings Analyzed
Xbox reveals strike system: Xbox reveals innovative enforcement strike system for player responsibility
Baldur’s Gate 3: Fixing the Open Hand Temple Murders
Apple’s Emergency SOS via satellite rescues relatives trapped in wildfires
Why Slots Are The Best Casino Online Ireland Games
Fortnite: How to claim capture points?
Apple presents new Discovery Station on Apple Music: Check all the details here
WhatsApp Screen Sharing Feature: WhatsApp currently supports screen sharing in video calls
