nhtkid (Iron Contributor)
Jun 20, 2023
Can Sentinel tell which network WAP my endpoint devices are connected to?
Hi,
I am not familiar with Sentinel.
Can it tell me which network Wireless Access Point all the endpoint devices are connected to in real time?
My context is a large enterprise environment with mixed network vendors and equipment.
Since Sentinel can aggregate, maybe I could bring all the WAPs and Endpoint devices in?
Best regards,
Cheers,
- Christian_Bartsch (Copper Contributor)
You could create a playbook that gets triggered when an alert that you are interested in pops up.
Within the playbook you can extract the IP address from the alert's entities and use it to perform a KQL query in the table that holds your AP logs and search for a connection event or something like that.
Then create an update incident action and tag that incident with the AP's name or something.
- BillClarksonAntill (Iron Contributor)
nhtkid everyone starts somewhere
short answer is yes to your question, Sentinel can correlate all the data you require and show which endpoints are connected to which WAPs in and around your environment
it's all a matter of ingesting logs from the devices you have and there are several pathways to do that
Check out this link below for data ingestion pathways into Sentinel for this
Microsoft Sentinel data connectors | Microsoft Learn
Best practices for data collection in Microsoft Sentinel | Microsoft Learn
Custom data ingestion and transformation in Microsoft Sentinel | Microsoft Learn
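
Added example, not part of any reply in this thread: the lookup described in the first reply (take the IP from an alert, then search the AP log table for the matching connection event), written in KQL. The `ApEvents` table, its column names, the event type values and all sample rows are constructed assumptions, because the thread does not name a table and each wireless vendor logs association events differently.

```kusto
// Constructed sample of AP association logs. Table shape and column names are
// assumptions; map them to whatever your ingested AP/controller logs actually contain.
let ApEvents = datatable(TimeGenerated: datetime, ApName: string, ClientIp: string, ClientMac: string, EventType: string)
[
    datetime(2023-06-20 08:01:00), "AP-FLOOR1-01", "10.20.30.41", "aa:bb:cc:00:00:01", "associate",
    datetime(2023-06-20 08:40:00), "AP-FLOOR2-07", "10.20.30.41", "aa:bb:cc:00:00:01", "associate",
    datetime(2023-06-20 09:10:00), "AP-FLOOR3-02", "10.20.30.41", "aa:bb:cc:00:00:01", "associate",
    datetime(2023-06-20 08:30:00), "AP-FLOOR1-01", "10.20.30.77", "aa:bb:cc:00:00:02", "associate",
    datetime(2023-06-20 08:45:00), "AP-FLOOR1-01", "10.20.30.77", "aa:bb:cc:00:00:02", "disassociate"
];
// Values a playbook would take from the alert's IP entity and the alert time (constructed here).
let AlertIp = "10.20.30.41";
let AlertTime = datetime(2023-06-20 08:50:00);
// IP addresses are reassigned over time, so only consider events in a bounded window before the alert.
let Lookback = 12h;
ApEvents
| where ClientIp == AlertIp
| where TimeGenerated between ((AlertTime - Lookback) .. AlertTime)
// The most recent event at or before the alert decides the client's state.
| summarize arg_max(TimeGenerated, ApName, ClientMac, EventType) by ClientIp
// If that event is a disassociation, the client was not on any AP at alert time.
| extend ApAtAlertTime = iff(EventType == "associate", ApName, "")
| project ClientIp, ClientMac, ApAtAlertTime, LastEventTime = TimeGenerated, LastEventType = EventType
```

Filtering on events at or before the alert time, rather than taking the latest event overall, keeps a roaming client from being tagged with an AP it joined only after the alert fired.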