Forum Discussion
Linux and Untangle Support
Hello all, We're conducting tests regarding Azure Sentinel's features and wanted to clarify some points. Regarding Syslog for Linux devices, it only seems that 11 preconfigured analytic temp...
Dear, thank you for your response !
- For the first point, that's exactly what I'm searching for in fact, if you know more websites or git repos that have query/rules examples covering many basic and advanced detection please let me know.
- For Untangle, yes it's formatted in syslog yes.
1. Some places I use, in no particular order, and please do your own diligence as these are not Microsoft sites:
- https://tdm.socprime.com/login/ (just use a Enterprise email to create a free account)
- https://github.com/wortell/KQL
- https://github.com/BlueTeamLabs/sentinel-attack/tree/master/detections
2. So please try the Syslog connector. Hopefully you wont need a parser for this data source.