Forum Discussion
Victor1989
Jan 13, 2023, Copper Contributor
Log ingestion and analytic rules creation for Sentinel (Trend Micro, Forcepoint DLP, UpGuard BreachSit
Hi Community, I need help with log ingestion and analytic use case creation in Sentinel for the devices below.
| Log source | Vendor / product |
|---|---|
| VPN Devices | Cisco FTD |
| WLC | Cisco |
| Email Logs (IronPort) | Cisco |
| Trend Micro XDR | Trend Micro Apex One / Cloud One |
| DLP Server | Forcepoint Endpoint |
| UpGuard Logs | UpGuard BreachSight |
1 Reply
- Clive_Watson, Bronze Contributor
Trend Apex One comes with Rules to try:
The Forcepoint DLP Solution in Sentinel doesn't have any Rules, but there is a Workbook, so I'd look at the queries it uses as a starting point: Azure-Sentinel/ForcepointDLP.json at ea0af641f3bd9aafea98d373e4346d1cbd5833c1 · Azure/Azure-Sentinel (github.com)
This is an area I'd love to see Microsoft and the vendors improve. I think the minimum requirement to get a Solution accepted into Sentinel should be one Analytic Rule (unless the data source supports a released ASIM parser).
For the others, I'd typically look for a similar product that has use cases and adapt those.
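As an added example of the approach described in the reply (turning a Workbook's summary queries into a scheduled analytic rule), here is a KQL query of the kind a practitioner would paste into a Sentinel scheduled rule. It is not from the thread, the Forcepoint solution, or Microsoft. The table name `ForcepointDLPEvents_CL` and the columns `Severity_s`, `Source_s`, `Action_s` and `Channel_s` are assumptions about the connector's custom log schema; confirm them against the queries in the linked ForcepointDLP.json workbook before deploying, and tune `threshold` to your environment's baseline.

```kql
// Added example, not part of the original thread or the Forcepoint DLP solution.
// Assumed schema: custom table ForcepointDLPEvents_CL with TimeGenerated,
// Severity_s, Source_s (user or endpoint that triggered the incident),
// Action_s and Channel_s. Verify these column names against the Workbook queries.
let lookback = 1h;      // match the rule's query period
let threshold = 5;      // assumed starting point; tune to the baseline
ForcepointDLPEvents_CL
| where TimeGenerated > ago(lookback)
// Keep only high-impact incidents
| where Severity_s in~ ("High", "Critical")
// Drop incidents the product already blocked; alert on data that actually left
| where Action_s !in~ ("Blocked", "Quarantined")
| summarize
    IncidentCount = count(),
    Channels      = make_set(Channel_s, 10),   // e.g. email, web, removable media
    FirstSeen     = min(TimeGenerated),
    LastSeen      = max(TimeGenerated)
    by Source_s
// Fire when one source accumulates many unblocked high-severity incidents
| where IncidentCount >= threshold
| extend AccountCustomEntity = Source_s
```

Set the rule to run on the same interval as `lookback` so each incident is evaluated once, and map `AccountCustomEntity` in the rule's entity mapping so the alert carries the offending source into the Sentinel incident.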