azure sentinel with 3rd party integration


 I would like to know if there was any way to integrate our 3rd party antivirus to Azure Sentinel to collect the logs.

I am aware that we have connectors for specific apps to do the same, but this was not available. Security applications like Trend Micro, Kaspersky etc.?


Could someone help me?

3 Replies

@lintu2154 Any 3rd party app that can export its logs in the Syslog or CEF format can easily be ingested into Azure Sentinel. If this is not possible you can always write your own. This page tells you how to get the data into Azure Sentinel. You will need to see how to get it off the 3rd party system.


https://docs.microsoft.com/en-us/azure/azure-monitor/platform/data-collector-api


Also, if you don't already know, there is a page that lists all the systems that Azure Sentinel has been connected to.  It does show Trend Micro and Kaspersky.


https://techcommunity.microsoft.com/t5/azure-sentinel/azure-sentinel-the-connectors-grand-cef-syslog...

Hello @Gary Bushey 

Thanks a lot for the response. As mentioned, I saw the Trend Micro connector; it seems to be for the Trend Micro Deep Security version, and the one I am looking for is the Trend Micro WFB version. I am not sure if the connector can be applied to the WFB version also; can it be used?

@lintu2154 In that case you would most likely need to contact your Trend Micro rep to see if the system can export its logs and what format it uses.


Once you get it working, drop an Email to Ofer so that it can be added to the list.