Forum Discussion
kofeiche_exeo
Apr 21, 2021Copper Contributor
Linux and Untangle Support
Hello all, we're conducting tests regarding Azure Sentinel's features and wanted to clarify some points. Regarding Syslog for Linux devices, it only seems that 11 preconfigured analytic temp...
CliveWatson
Apr 21, 2021Former Employee
1. There are a few extra Detections in the GitHub repo, and you can author your own: https://github.com/Azure/Azure-Sentinel/tree/master/Detections/Syslog You can even post them back to the GitHub repo for others to use. Third-party sites like SOC Prime and other GitHub repos have lots of examples: https://tdm.socprime.com/login/
2. How does Untangle log its data? If Syslog or CEF, you can use those connectors; if an API, you may need to use a Playbook; if a file, the Custom log is an option. Example parsers for other products (and data connectors) are all in the GitHub repo: https://github.com/Azure/Azure-Sentinel/tree/master/Parsers
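As an added example, not part of this thread, of the Azure-Sentinel GitHub repository, or of any vendor product: a custom analytics-rule query over Sentinel's built-in Syslog table, the kind of detection point 1 suggests authoring yourself once the Syslog connector is feeding data. It assumes the Linux host's sshd writes to the auth/authpriv facility and that the agent forwards those lines into the Syslog table's standard columns (TimeGenerated, Computer, Facility, ProcessName, SyslogMessage). The regular expressions, the 10-failure threshold and the 1-hour window are illustrative choices, not values from the page.

```kql
// Added example: SSH password brute-force detection over the Syslog table.
// Assumption: sshd failures arrive as standard OpenSSH "Failed password ..."
// lines; adjust the facility, process name and regexes to your hosts.
let lookback = 1h;        // analytics-rule query period (illustrative)
let threshold = 10;       // failures from one source before alerting (illustrative)
Syslog
| where TimeGenerated > ago(lookback)
| where Facility in ("auth", "authpriv")
| where ProcessName == "sshd"
| where SyslogMessage has "Failed password"
// Pull the client IP and the targeted account out of the free-text message.
| extend SourceIP = extract(@"from\s+(\d{1,3}(?:\.\d{1,3}){3})", 1, SyslogMessage)
| extend TargetUser = extract(@"for\s+(?:invalid user\s+)?(\S+)\s+from", 1, SyslogMessage)
| where isnotempty(SourceIP)
| summarize
    FailedAttempts = count(),
    DistinctUsers = dcount(TargetUser),
    FirstSeen = min(TimeGenerated),
    LastSeen = max(TimeGenerated)
    by Computer, SourceIP
| where FailedAttempts >= threshold
// Column names chosen so they can be mapped to Sentinel entities (Host, IP)
// in the analytics-rule entity mapping.
| project FirstSeen, LastSeen, Computer, SourceIP, FailedAttempts, DistinctUsers
| order by FailedAttempts desc
```

Run it in the Logs blade first to confirm the message format on your hosts actually matches the regexes; then save it as a Scheduled analytics rule with the query period set to the same value as `lookback`. Because the extraction works on unstructured message text, it is fragile across sshd versions and distributions, which is exactly the situation where a dedicated parser function (as in the Parsers folder linked above) pays off.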
kofeiche_exeo
Apr 22, 2021Copper Contributor
Dear, thank you for your response!
- For the first point, that's exactly what I'm searching for, in fact. If you know more websites or git repos that have query/rule examples covering many basic and advanced detections, please let me know.
- For Untangle, yes, it's formatted in syslog.
CliveWatson
Apr 22, 2021Former Employee
1. Some places I use, in no particular order; please do your own diligence, as these are not Microsoft sites:
- https://tdm.socprime.com/login/ (just use an Enterprise email to create a free account)
- https://github.com/wortell/KQL
- https://github.com/BlueTeamLabs/sentinel-attack/tree/master/detections
2. So please try the Syslog connector. Hopefully you won't need a parser for this data source.