Forum Discussion

PhilippeA's avatar
PhilippeA
Copper Contributor
Jul 14, 2020

Azure ATP syslog events - Firewall settings ???

Hi,   what is/are the range(s) to open (on our perimeter firewall) towards our internal syslog proxy (that forwards to the internal SIEM), that is to receive AATP syslog events ?? I didn't find an...
EliOfek's avatar
EliOfek
Icon for Microsoft rankMicrosoft
Jul 14, 2020

PhilippeA yes, with one correction, the notifications are not sent/pushed, they are pulled by the sensor from the backend (when available) .

PhilippeA's avatar
PhilippeA
Copper Contributor
Jul 14, 2020

OK, that makes more sense now...  ðŸ˜‰

(the techs are gonna be happy, they were freaking out...    :-))

 

Any idea whether the 'pull' approach induces any delay, and if yes, how much (+-) ?

 

And btw, many, many thanks !!!

  • EliOfek's avatar
    EliOfek
    Icon for Microsoft rankMicrosoft
    Jul 15, 2020

    PhilippeA I can estimate 1-30 sec delay.