Forum Discussion
azure sentinel with 3rd party integration
lintu2154 Any 3rd party app that can export their logs into the Syslog or CEF format can easily be ingested into Azure Sentinel. If this is not possible you can always write your own. This page tells you how to get the data into Azure Sentinel. You will need to see how to get it off the 3rd party system.
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/data-collector-api
Also, if you don't already know, there is a page that lists all the systems that Azure Sentinel has been connected to. It does show Trend Micro and Kaspersky.
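The "write your own" route through the Data Collector API linked above, as an added example that is not part of the original post: it builds the HMAC-SHA256 `SharedKey` authorization header and request for a batch of JSON events without sending anything. The workspace ID, key, log type and event fields are constructed placeholders.

```python
import base64, hashlib, hmac, json, re
from datetime import datetime, timezone

# Constructed placeholders, not real workspace credentials.
WORKSPACE_ID = "00000000-0000-0000-0000-000000000000"
SHARED_KEY = base64.b64encode(b"constructed-demo-key-not-a-secret").decode()

# Constructed sample events; the field names are hypothetical.
SAMPLE_EVENTS = [
    {"EventTime": "2020-10-26T11:58:03Z", "Host": "pc-014",
     "Action": "quarantined", "Threat": "sample-detection-name"},
]

def string_to_sign(content_length, rfc1123_date):
    # Verb, body length, content type, date header and resource, newline-joined.
    return (f"POST\n{content_length}\napplication/json\n"
            f"x-ms-date:{rfc1123_date}\n/api/logs")

def build_request(events, log_type, workspace_id, shared_key, now=None):
    # Log-Type allows only letters, digits and underscore, up to 100 characters.
    if not re.fullmatch(r"[A-Za-z0-9_]{1,100}", log_type):
        raise ValueError("invalid Log-Type: " + repr(log_type))
    now = now or datetime.now(timezone.utc)
    date = now.strftime("%a, %d %b %Y %H:%M:%S GMT")
    body = json.dumps(events).encode("utf-8")
    # The shared key is base64 text; the HMAC key is its decoded bytes.
    digest = hmac.new(base64.b64decode(shared_key),
                      string_to_sign(len(body), date).encode("utf-8"),
                      hashlib.sha256).digest()
    headers = {
        "Content-Type": "application/json",
        "Authorization": f"SharedKey {workspace_id}:"
                         f"{base64.b64encode(digest).decode()}",
        "Log-Type": log_type,                 # stored as <Log-Type>_CL
        "x-ms-date": date,                    # must equal the signed date
        "time-generated-field": "EventTime",  # field used as TimeGenerated
    }
    url = (f"https://{workspace_id}.ods.opinsights.azure.com"
           "/api/logs?api-version=2016-04-01")
    return url, headers, body

if __name__ == "__main__":
    url, headers, body = build_request(SAMPLE_EVENTS, "ThirdPartyAV",
                                       WORKSPACE_ID, SHARED_KEY)
    print(url, json.dumps(headers, indent=2), body.decode(), sep="\n")
```

The returned URL, headers and body can be passed to any HTTP client as a POST; the signature covers the exact body length and `x-ms-date` value, so neither may change after signing.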
- lintu2154, Oct 26, 2020, Copper Contributor
Hello GaryBushey
Thanks a lot for the response. As mentioned, I saw the Trend Micro connector; it seems to be for the Trend Micro Deep Security version, and the one I am looking for is the Trend Micro WFB version. I am not sure if the connector can be applied to the WFB version also. Can it be used?
- GaryBushey, Oct 26, 2020, Bronze Contributor
lintu2154 In that case you would most likely need to contact your Trend Micro rep to see if the system can export its logs and what format it uses.
Once you get it working, drop an email to Ofer so that it can be added to the list.