Forum Discussion
Cloud Discovery Data Import - Sentinel vs Cloud App Sec
Hi,
Proxy logs benefit both Sentinel and Cloud App Security Cloud Discovery. What is the most sensible way of getting proxy log data into both with the least amount of moving parts? For example, Zscaler emits CEF which can be consumed by Azure Log Forwarder into Sentinel, but then Cloud App Security cannot pick up from Sentinel.
- Banu Jafarli (Microsoft)
There are 3 methods to get Discovery deployed:
https://docs.microsoft.com/en-us/cloud-app-security/set-up-cloud-discovery
1. MDATP
2. Log Collector for firewalls such as Blue Coat and Palo Alto
3. Zscaler or iBoss
Could you provide more context around what you'd like to achieve?
- truekonrads (Brass Contributor)
Chiefly, to not send data twice to the Microsoft cloud.
- Sergg (Iron Contributor)
Banu Jafarli, I would like to refresh this old conversation.
Is there a plan to combine MCAS and Sentinel (e.g. Log Analytics agent) collection agents? Streaming firewall logs from on-prem to cloud twice seems like a waste of effort.