Forum Discussion

audit_bdtrainee
Copper Contributor
Aug 06, 2024

Azure Demo Lab

Hi All,

I have tried the Sentinel Training lab from "content hub" and now I want to create a small demo lab for Sentinel with certain Azure VMs.

One of the use cases is alerting when someone has logged in from a different geolocation than where the VM is situated. How can I get logs of someone trying to connect from different geolocations to the same VM? I can create alerts based on that in Sentinel.

Thanks all !

  • Ankit
    Brass Contributor
    Hi,

    You can achieve this by following this procedure:

    Enable Azure VM logging - Collect relevant logs - create detection rule - configure alerting
    • audit_bdtrainee
      Copper Contributor
      Hello,
      Thank you for responding.

      My question is - how do I create a lab environment for this use case. I want to generate logs using Azure infrastructure to generate logs from different geolocations that are connecting to a VM. Would I have to use a VPN or what is the way?

      I have enabled the VM logging. Collecting relevant logs is where I am stuck. Thanks for the help!
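For the "create detection rule" step in the procedure above, this is one way the use case in the original post can be expressed as a Sentinel analytics rule. It is an added example, not code from the thread or from Microsoft. It assumes the VM sends Windows Security events to the `SecurityEvent` table (via the Windows Security Events connector / Azure Monitor Agent), that the lab VM is named `vm-demo-01` and is deployed in a region whose country is `Netherlands` (both constructed values; adjust the `datatable` to your own VMs), and it uses the built-in `geo_info_from_ip_address()` function to resolve the source IP of each logon to a country.

```kql
// Added example (not from the thread): flag interactive logons to a VM whose source
// country differs from the country the VM is hosted in, or logons from more than one
// country in the lookback window. Assumes the SecurityEvent table is populated.
let lookback = 1d;
// Constructed mapping of lab VM -> expected country (the VM's own Azure region).
let VmHomeCountry = datatable(Computer:string, ExpectedCountry:string)
[
    "vm-demo-01", "Netherlands"
];
SecurityEvent
| where TimeGenerated > ago(lookback)
| where EventID == 4624                       // successful logon
| where LogonType in (3, 10)                  // network (e.g. SMB/WinRM) or RDP
| where isnotempty(IpAddress) and IpAddress !in ("-", "::1", "127.0.0.1")
| where not(ipv4_is_private(IpAddress))       // ignore VNet-internal sources
| extend Geo = geo_info_from_ip_address(IpAddress)
| extend SourceCountry = tostring(Geo.country), SourceCity = tostring(Geo.city)
| join kind=inner VmHomeCountry on Computer
| summarize
    Countries   = make_set(SourceCountry),
    SourceIPs   = make_set(IpAddress),
    Accounts    = make_set(Account),
    FirstSeen   = min(TimeGenerated),
    LastSeen    = max(TimeGenerated),
    LogonCount  = count()
    by Computer, ExpectedCountry
// Alert if any source country is not the VM's home country, or if several countries appear.
| where array_length(Countries) > 1 or not(set_has_element(Countries, ExpectedCountry))
| project Computer, ExpectedCountry, Countries, SourceIPs, Accounts, FirstSeen, LastSeen, LogonCount
```

Run it in the Logs blade first to confirm the table and columns are populated for your VM; once it returns the expected rows, save it as a scheduled analytics rule (for example every hour with a one-day lookback, matching `lookback`) and map `Computer`, `SourceIPs` and `Accounts` to entities so the resulting incident shows the host, the source addresses and the accounts involved. For a Linux VM the same pattern applies to the `Syslog` table (sshd accepted-login lines), with the source address parsed out of `SyslogMessage` before the `geo_info_from_ip_address()` call.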
