Azure Sentinel
365
Ofer_Shezaf on 08-13-2019 11:53 PM
544
Ofer_Shezaf on 08-07-2019 02:30 AM
2,802
Ashwin_Patil on 07-31-2019 07:45 AM
1,176
Ofer_Shezaf on 07-22-2019 05:15 PM
1,452
Pete Bryan on 06-25-2019 08:27 AM
2,580
ianhelle on 06-17-2019 08:27 AM
2,567
Ashwin_Patil on 06-10-2019 07:44 AM
2,722
ianhelle on 06-05-2019 05:02 PM
2,143
Ashwin_Patil on 05-15-2019 07:00 AM
2,367
ianhelle on 05-13-2019 06:32 AM
2,034
Tim Burrell (MSTIC) on 05-01-2019 08:34 AM
2,829
ianhelle on 04-25-2019 05:11 PM
1,912
ianhelle on 04-22-2019 08:27 AM
6,378
ianhelle on 04-16-2019 08:22 AM
4,446
shainw on 04-11-2019 09:00 AM
Latest Comments
Ah I see. So why can't Sentinel use LinuxAudit? Sorry if this is the wrong place to ask but I'm trying to get LinuxAudit working at the moment and the data doesn't seem to show up in the workspace. I wasn't sure if it had been silently retired or something. I've had a support request open for a while...
0 Likes
@Nodrog Yep. Russell (author of the blog) is in the same team as me and I have been working with the OMS auditd data for a while in Azure Security Center. Unfortunately, this isn't yet there in the Azure Sentinel implementation - so this is a kind of stop-gap until it arrives. More generally though,...
0 Likes
So why do you need to import it as a custom log? The omsagent is supposed to support auditd through the auoms extension. Here's a blog post about it
0 Likes
Hello @oshrih7145. Recently we announced Azure Lighthouse (see https://docs.microsoft.com/en-us/azure/lighthouse/concepts/cross-tenant-management-experience for more info), and this enables Azure Sentinel for the multi-tenant scenario.
0 Likes
Hello. Is it possible to connect Azure Sentinel for multiple Azure AD tenants, so we can control and audit a different directory, which is not under the tenant generated by the Sentinel workspace?
0 Likes