Forum Discussion
audit_bdtrainee
Aug 06, 2024
Copper Contributor
Azure Demo Lab
Hi All,
I have tried the Sentinel Training lab from "content hub" and now I want to create a small demo lab for Sentinel with certain Azure VMs.
One of the use cases is alerting when someone has logged in from a different geolocation than where the VM is situated. How can I get logs of someone trying to connect from different geolocations to the same VM? I can create alerts based on that in Sentinel.
Thanks all!
- Ankit
Brass Contributor
Hi,
you can achieve this by the following procedure:
Enable Azure VM logging - Collect relevant logs - Create detection rule - Configure alerting
- audit_bdtrainee
Copper Contributor
Hello,
Thank you for responding.
My question is: how do I create a lab environment for this use case? I want to generate logs using Azure infrastructure to generate logs from different geolocations that are connecting to a VM. Would I have to use a VPN or what is the way?
I have enabled the VM logging. Collecting relevant logs is where I am stuck. Thanks for the help!
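
The "create detection rule" step from the reply above, sketched as a Sentinel analytics query. This is an added example, not part of the original thread. It assumes Windows VMs whose Security events reach the workspace in the `SecurityEvent` table; the VM names and home countries in the lookup are constructed placeholders.

```kql
// Assumption: Windows VMs forwarding Security events to the Sentinel workspace.
// Constructed lookup: VM name -> country where the VM is deployed.
// Replace the rows with your own VMs; names must match the Computer column exactly.
let VmHomeCountry = datatable(Computer:string, HomeCountry:string)
[
    "demo-vm-01", "United States",   // constructed sample value
    "demo-vm-02", "Germany"          // constructed sample value
];
SecurityEvent
| where TimeGenerated > ago(1d)
// 4624 = successful logon; type 3 = network, type 10 = RemoteInteractive (RDP)
| where EventID == 4624 and LogonType in (3, 10)
| where isnotempty(IpAddress) and IpAddress !in ("-", "127.0.0.1", "::1")
// Resolve the source IP to a location; private addresses yield no country
| extend Geo = geo_info_from_ip_address(IpAddress)
| extend SourceCountry = tostring(Geo.country)
| where isnotempty(SourceCountry)
// Keep only VMs listed in the lookup, then flag logons from another country
| lookup kind=inner VmHomeCountry on Computer
| where SourceCountry != HomeCountry
| summarize Logons = count(),
            FirstSeen = min(TimeGenerated),
            LastSeen = max(TimeGenerated)
    by Computer, Account, IpAddress, SourceCountry, HomeCountry
```

For failed attempts rather than successful logons, the same shape applies with `EventID == 4625`.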