Sep 27 2017 09:02 AM - last edited on Apr 07 2022 04:44 PM by TechCommunityAP
Hello everyone,
I am new to Azure and currently doing security monitoring in Azure Security Center. I have a few questions that I would like to ask.
Currently there are syslogs coming in from machines and I am to create rules to fire an alert if it detects security events. So my questions are:
1. Does Azure come with predefined default rules? If yes, where are they and how can I enable/disable them?
Oct 02 2017 10:28 PM
I will forward this to one of the experts in this area.
Oct 03 2017 03:52 AM
Hi Shiva,
There is a new capability in Azure Security Center to turn every log query into a security alert. See the documentation here: https://docs.microsoft.com/en-us/azure/security-center/security-center-custom-alert and a recorded demo here: https://youtu.be/e8iFCz5RM4g?t=1486.
About ingestion of security solutions, we do prefer using CEF over Syslog rather than simple Syslog, though both are possible. CEF provides a more structured format and indexing. See more details on CEF support here: https://docs.microsoft.com/en-us/azure/security-center/security-center-partner-integration.
Hope it helps,
Meir :>
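To make the CEF-over-Syslog versus plain-Syslog point in the reply above concrete, here is an added example (written for this page, not code from Meir, Microsoft or Azure Security Center). It parses a few constructed syslog lines, pulls the CEF header and extension fields into a dictionary when a message carries a CEF payload, and then runs a small detection rule over the result. The rule is a local stand-in for the kind of query the custom-alert feature lets you promote to an alert: on structured CEF events it can key directly off the vendor's severity field, while on plain syslog it has nothing better than a regular expression over the free-text message. The sample lines, host names, addresses and severity threshold are all assumptions made for the example.

```python
import re
from dataclasses import dataclass, field

# Constructed sample input (not from the original post): two CEF-over-syslog
# events from a firewall and two plain syslog events from a Linux host.
SAMPLE_LINES = [
    "<134>Sep 27 09:02:11 fw01 CEF:0|Security|threatmanager|1.0|100|worm successfully stopped|10|"
    "src=10.0.0.1 dst=2.1.2.2 spt=1232 msg=found a \\= in the payload",
    "<134>Sep 27 09:02:15 fw01 CEF:0|Security|threatmanager|1.0|200|port scan \\| probe|3|"
    "src=10.0.0.7 dst=2.1.2.2 dpt=22",
    "<38>Sep 27 09:02:12 web01 sshd[2041]: Failed password for root from 203.0.113.5 port 51234 ssh2",
    "<78>Sep 27 09:03:01 web01 CRON[2100]: (root) CMD (run-parts /etc/cron.hourly)",
]

# RFC 3164-style syslog line: <PRI>, timestamp, host, then the free-text message.
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) "
    r"(?P<msg>.*)$"
)
# CEF header: CEF:Version|Vendor|Product|DeviceVersion|SignatureID|Name|Severity|Extension
CEF_HEADER_FIELDS = ("version", "vendor", "product", "device_version",
                     "signature_id", "name", "severity")
# Extension keys are alphanumeric and are introduced by start-of-string or whitespace;
# an '=' inside a value must be escaped as '\=' by the sender, so it never matches here.
EXT_KEY_RE = re.compile(r"(?:^|\s)([A-Za-z0-9_.]+)=")
FAILED_LOGIN_RE = re.compile(r"Failed password for (?P<user>\S+) from (?P<src>\S+)")
_SEVERITY_WORDS = {"low": 3, "medium": 6, "high": 8, "very-high": 10}


@dataclass
class Event:
    host: str
    timestamp: str
    facility: int
    syslog_severity: int
    structured: bool = False          # True when a CEF payload was parsed
    fields: dict = field(default_factory=dict)


def _split_unescaped(text, sep, maxsplit=-1):
    """Split on unescaped `sep`; '\\x' yields x. After maxsplit separators the
    remainder is returned verbatim so the extension keeps its own escapes."""
    parts, cur, i, splits = [], [], 0, 0
    while i < len(text):
        ch = text[i]
        if ch == "\\" and i + 1 < len(text):
            cur.append(text[i + 1])
            i += 2
            continue
        if ch == sep:
            parts.append("".join(cur))
            cur, splits, i = [], splits + 1, i + 1
            if splits == maxsplit:
                parts.append(text[i:])
                return parts
            continue
        cur.append(ch)
        i += 1
    parts.append("".join(cur))
    return parts


def parse_cef_extension(ext):
    """Turn 'k1=v1 k2=v2 with spaces' into a dict, unescaping '\\=' and '\\\\'."""
    fields = {}
    keys = list(EXT_KEY_RE.finditer(ext))
    for i, m in enumerate(keys):
        end = keys[i + 1].start() if i + 1 < len(keys) else len(ext)
        raw = ext[m.end():end].strip()
        fields[m.group(1)] = re.sub(r"\\(.)", r"\1", raw)
    return fields


def parse_syslog_line(line):
    m = SYSLOG_RE.match(line)
    if not m:
        raise ValueError(f"not a syslog line: {line!r}")
    pri = int(m.group("pri"))
    msg = m.group("msg")
    ev = Event(host=m.group("host"), timestamp=m.group("ts"),
               facility=pri // 8, syslog_severity=pri % 8, fields={"message": msg})
    if msg.startswith("CEF:"):
        parts = _split_unescaped(msg[len("CEF:"):], "|", maxsplit=7)
        if len(parts) == 8:                      # header complete, extension present
            ev.fields = dict(zip(CEF_HEADER_FIELDS, parts[:7]))
            ev.fields.update(parse_cef_extension(parts[7]))
            ev.structured = True
    return ev


def cef_severity(value):
    """CEF allows 0-10 or the words Low/Medium/High/Very-High; normalise to an int."""
    try:
        return int(value)
    except ValueError:
        return _SEVERITY_WORDS.get(value.strip().lower(), 0)


def find_alerts(events, min_cef_severity=7):
    """Stand-in for a custom alert query: structured events are matched on the
    vendor severity field, plain syslog only on a regex over the raw message."""
    alerts = []
    for ev in events:
        if ev.structured:
            if cef_severity(ev.fields["severity"]) >= min_cef_severity:
                alerts.append((ev.host, f"{ev.fields['vendor']}/{ev.fields['product']} "
                               f"{ev.fields['signature_id']}: {ev.fields['name']}"))
        else:
            m = FAILED_LOGIN_RE.search(ev.fields["message"])
            if m:
                alerts.append((ev.host, f"failed login for {m['user']} from {m['src']}"))
    return alerts


if __name__ == "__main__":
    for host, reason in find_alerts(parse_syslog_line(l) for l in SAMPLE_LINES):
        print(f"ALERT {host}: {reason}")
```

The contrast worth noticing is in `find_alerts`: the CEF branch never touches the message text, so the same rule works for any product that emits CEF, whereas the plain-syslog branch is a per-product regex that has to be rewritten for every log format and silently misses anything it does not anticipate.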