Forum Discussion

Copper Contributor

Mar 29, 2019

Need Some Information on Azure Sentinel

Hi All, I have below questions with respect to Azure Sentinel. Please check the same and provide answer. it Is possible to integrate non syslog device with Sentinel? If yes, abc list of protoc...

CliveWatson

Former Employee

Apr 02, 2019

dipenms

1. Sentinel re-uses the Azure Log Analytics Agent (Windows and Linux versions) to get data like Logs, Perf, Syslog etc... https://docs.microsoft.com/en-us/azure/azure-monitor/platform/log-analytics-agent

2. Sentinel has a CEF connector: https://docs.microsoft.com/en-us/azure/sentinel/connect-common-event-format

3. The community site has some of the queries and detentions used today as part of the preview: https://github.com/Azure/Azure-Sentinel

5. https://docs.microsoft.com/en-us/azure/sentinel/connect-data-sources lists all the Microsoft services Sentinel connects to. When you say "how well" are you asking for Performance or SLA, or reliability? Please remember Sentinel is in Preview at the moment.

6. The preview show the Analytics (Alerts you specify) that then generate a Case. The Analytics in the future will be linked to a Playbook (Logic App).

agrigorof

Copper Contributor

Apr 06, 2019

CliveWatson Any ETA on the ability to assign a playbook to an alert trigger? If unknown, are there any other ways to run a playbook when the alerts are triggered?

Thanks,

Adrian Grigorof

Ofer_Shezaf
Microsoft
Apr 07, 2019
agrigorof: any day now
CliveWatson
Former Employee
Apr 07, 2019
Sorry I don't have a date, that will need to be disclosed by the Sentinel Product Group.
You can create an Azure Alert using the same query, to get a Logic App/Playbook triggered in the meantime?
CliveWatson
Former Employee
Apr 07, 2019
Sorry I don't have a date, that will need to be disclosed by the Sentinel Product Group. You can create an Azure Alert using the same query, to get a Logic App/Playbook triggered in the meantime?