Azures Sentinel Security Events collection using OMS gateway

%3CLINGO-SUB%20id%3D%22lingo-sub-2788195%22%20slang%3D%22en-US%22%3EAzures%20Sentinel%20Security%20Events%20collection%20using%20OMS%20gateway%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2788195%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20all%2C%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI'm%20trying%20to%20collect%20Security%20Events%20from%20windows%20machines%20on-premises%20using%20the%20OMS%20gateway.%3C%2FP%3E%3CP%3EI've%20already%20added%20the%20MDATP%20subscription%20ID%2C%20I'm%20trying%20now%20to%20add%20the%20Sentinal%20Subscription%20ID.%26nbsp%3B%3C%2FP%3E%3CP%3EI%20have%20a%20firewall%20on%20the%20outbound%20traffic%2C%20so%20I%20need%20to%20add%20rules%20in%20the%20firewall%20to%20allow%20the%20Azure%20URLs%20.%3C%2FP%3E%3CP%3EI%20cannot%20find%20the%20URLs%20that%20OMS%20uses%20to%20communicate%20with%20azure%20(Log%20Analytics).%26nbsp%3B%3C%2FP%3E%3CP%3EWould%20you%20please%20advise%20which%20URLs%20should%20I%20allow%20on%20the%20firewall%3F%26nbsp%3B%3C%2FP%3E%3CP%3ERegards%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Occasional Visitor

Hi all, 

 

I'm trying to collect Security Events from windows machines on-premises using the OMS gateway.

I've already added the MDATP subscription ID, I'm trying now to add the Sentinal Subscription ID. 

I have a firewall on the outbound traffic, so I need to add rules in the firewall to allow the Azure URLs .

I cannot find the URLs that OMS uses to communicate with azure (Log Analytics). 

Would you please advise which URLs should I allow on the firewall? 

Regards,

 

 

0 Replies