Forum Discussion
How to connect Varonis as a connector in Sentinel
Hi, I would like to know the process of how we can connect Varonis as a data connector in Sentinel.
From reading the article Azure Sentinel: The connectors grand (CEF, Syslog, Direct, Agent, Custom and more) - Microsoft Tech Community, I understand that we can connect Varonis through the CEF connector. I have also read the instructions mentioned in this document (https://info.varonis.com/hubfs/docs/splunk-app/Varonis-App-for-Splunk-User-Guide.pdf).
This is what I understood; can anyone correct me if anything is wrong?
1. In the DatAlert configuration (in Varonis), configure Syslog message forwarding by giving the Syslog server IP and port number.
2. Create an alert template with the Syslog message alert method.
(By this, Varonis alerts/data will be sent to the Syslog server.)
3. Now we can easily connect from the Syslog server to Sentinel by executing a few commands, which I'm aware of.
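The weak point in the three steps above is usually the hand-off between step 2 and step 3: DatAlert has to emit a record with a well-formed CEF header (CEF:Version|Vendor|Product|DeviceVersion|SignatureID|Name|Severity|Extension) inside the syslog message, because the Sentinel CEF pipeline only parses lines it recognises as CEF into CommonSecurityLog; anything else lands as a plain Syslog row. The following script is an added example for this thread, not Varonis or Microsoft code: it parses syslog lines the way a CEF consumer would (honouring the CEF escapes for pipe, equals and backslash) and reports whether each line would be accepted as CEF. The sample lines, vendor/product strings and extension keys are constructed for illustration and are not a statement of what DatAlert actually emits; run it against lines captured on the Syslog server (for example from the local syslog spool) before opening the port to Sentinel.

```python
"""Sanity-check CEF records on the syslog forwarder before they reach Sentinel.

Added example for this thread, not Varonis or Microsoft code. SAMPLE_LINES are
constructed; vendor/product strings and extension keys are illustrative only.
"""
import re
from dataclasses import dataclass, field

# CEF record: CEF:Version|Vendor|Product|DeviceVersion|SignatureID|Name|Severity|Extension
_CEF_START = re.compile(r"CEF:\d+\|")
# Extension keys sit at the start of the extension or after whitespace and end with '='.
_EXT_KEY = re.compile(r"(?:^|\s)([A-Za-z0-9_.]+)=")
_ESCAPE = re.compile(r"\\(.)")
_TEXT_SEVERITIES = {"low", "medium", "high", "very-high"}


@dataclass
class CefEvent:
    version: str
    vendor: str
    product: str
    device_version: str
    signature_id: str
    name: str
    severity: str
    extension: dict = field(default_factory=dict)


def _split_unescaped(text, sep, maxsplit):
    """Split on sep, skipping backslash-escaped characters; escapes are left in place."""
    parts, start, i = [], 0, 0
    while i < len(text) and len(parts) < maxsplit:
        if text[i] == "\\":
            i += 2  # skip the escape and the character it protects
            continue
        if text[i] == sep:
            parts.append(text[start:i])
            start = i + 1
        i += 1
    parts.append(text[start:])
    return parts


def _unescape(value):
    """Resolve CEF escapes: backslash + pipe/equals/backslash -> literal; + n/r -> newline/CR."""
    return _ESCAPE.sub(lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)), value)


def parse_extension(ext):
    """Turn 'k1=v1 k2=v2 ...' into a dict; values may contain spaces and escaped '='."""
    keys = list(_EXT_KEY.finditer(ext))
    result = {}
    for idx, m in enumerate(keys):
        end = keys[idx + 1].start() if idx + 1 < len(keys) else len(ext)
        result[m.group(1)] = _unescape(ext[m.end():end])
    return result


def parse_syslog_cef(line):
    """Parse a raw syslog line carrying CEF. Returns CefEvent, or None if no CEF header is present."""
    m = _CEF_START.search(line)
    if m is None:
        return None
    fields = _split_unescaped(line[m.start():], "|", 7)
    if len(fields) != 8:
        raise ValueError("CEF header has %d fields, expected 7 plus extension" % len(fields))
    version = fields[0][len("CEF:"):]
    header = [_unescape(f) for f in fields[1:7]]
    return CefEvent(version, *header, extension=parse_extension(fields[7]))


def severity_ok(sev):
    """CEF severity is an integer 0-10 or one of Low/Medium/High/Very-High."""
    s = sev.strip()
    return s.lower() in _TEXT_SEVERITIES or (s.isdigit() and 0 <= int(s) <= 10)


def check_line(line):
    """Classify a line: ('cef', CefEvent), ('malformed-cef', reason) or ('not-cef', reason).

    Only the first outcome will be parsed into CommonSecurityLog fields by the Sentinel
    CEF connector; the other two need fixing on the DatAlert/template side.
    """
    try:
        ev = parse_syslog_cef(line)
    except ValueError as exc:
        return ("malformed-cef", str(exc))
    if ev is None:
        return ("not-cef", "no 'CEF:<version>|' header found in message")
    if not severity_ok(ev.severity):
        return ("malformed-cef", "severity %r is not 0-10 or Low/Medium/High/Very-High" % ev.severity)
    return ("cef", ev)


# Constructed sample traffic as it might appear in the forwarder's syslog spool.
SAMPLE_LINES = [
    # well-formed: RFC 3164 prefix, CEF header, extension with escaped '\\', '\=' and a UNC path
    r"<13>Jun 12 10:15:01 datalert-srv CEF:0|Varonis Inc.|DatAlert|1.0|Alert|Mass delete by user|7|"
    r"rt=Jun 12 2024 10:15:00 suser=CORP\\jdoe msg=42 files deleted in \= 2 minutes fname=\\\\nas01\\finance",
    # one header field missing: will not be parsed as CEF
    r"<13>Jun 12 10:15:02 datalert-srv CEF:0|Varonis Inc.|DatAlert|Alert|Something|5|msg=x",
    # plain syslog text: lands in the Syslog table, not CommonSecurityLog
    r"<13>Jun 12 10:15:03 datalert-srv DatAlert: alert 17 raised",
]

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        verdict, detail = check_line(line)
        print(verdict, "->", detail if isinstance(detail, str) else detail.extension)
```

The parser splits the header on unescaped pipes only and resolves escapes per field, so a pipe or equals sign inside an alert name or file path does not shift the columns; that is the class of problem that silently turns a Varonis alert into an unparsed Syslog row. The same constructed line can be pushed at the collector with a syslog client (for example util-linux `logger -n <collector> -P 514 -d`) to confirm it reaches CommonSecurityLog end to end.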
2 Replies
- logger2115 (Brass Contributor)
Still using CEF for Varonis DatAlert? Or have you switched to Varonis Connection with Function?
We are on Varonis SaaS, but the connector's default configuration on resources such as the storage account and function app is observed as a potential security gap.
I am looking for an alternative.
- AnuragSrivastava (Iron Contributor)
printscreen: Yes, correct. The 2 points as mentioned by you will be sufficient to connect Varonis to Azure Sentinel, provided you have all the configurations in place on the Syslog server for CEF forwarding.