
Sentinel and data from GSuite, custom logs?

Karen McGregor
Microsoft

Is there any plan to integrate authentication/activity data from GSuite into Sentinel?

And - what's the plan to add custom log data (e.g., LOB application logs) into Sentinel?

3 Replies

I can't answer part 1, but Log Analytics already has a Custom log feature (https://docs.microsoft.com/en-us/azure/azure-monitor/platform/data-sources-custom-logs); you can enable that for the Log Analytics workspace Sentinel is using. There is also a CEF and Syslog connector in Sentinel.

If you have Cloud App Security you can pull logs with their setup (https://docs.microsoft.com/en-us/cloud-app-security/connect-google-apps-to-microsoft-cloud-app-secur...) and then should be able to pull that into Sentinel via https://docs.microsoft.com/en-us/azure/sentinel/connect-cloud-app-security. It would be nice if they gave us a way to do it directly, though.